Introduction to Pysa Ransomware
Pysa ransomware has emerged as a major threat in the cyberthreat landscape. It was first reported by the Federal Bureau of Investigation (FBI) due to its increased activity and high impact. The threat actors behind Pysa target sectors such as government authorities, educational institutions and the healthcare sector.
Technical analysis of Pysa Ransomware
Pysa is human-operated ransomware: it cannot propagate on its own, and its operators deploy it manually as part of a full attack operation. It uses a hybrid encryption approach, combining AES-CBC and RSA to maximize performance and security. In addition, Pysa’s operators use a double extortion tactic, threatening to disclose or sell data if the victim refuses to pay.
Threat profile
Pysa is a new variant of the Mespinoza ransomware. It has targeted higher education institutions, schools and seminaries. Pysa operators have also targeted government entities, private companies and the healthcare sector. They use tools such as PowerShell Empire, Koadic, PsExec and Mimikatz to steal credentials and move laterally through systems.
Defensive measures
The Cybereason defense platform is capable of detecting and preventing the execution of the ransomware. Using YARA-based detection, it is possible to identify the presence of Pysa in systems. In addition, locking a mutex object (mutual exclusion lock) named Pysa on a system prevents the ransomware from running there.
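One way to hold the mutex described above on a Windows host, as an added example (not code from the original page or from any vendor). It assumes the name is exactly `Pysa` with no `Global\` prefix, which makes the object session-local; the parameter names and exit codes are hypothetical.

```powershell
# Added example: keep a named mutex alive so that a process which checks
# for it at start-up finds it already taken.
param(
    [string]$MutexName   = 'Pysa',  # name as given in the text above (assumed unprefixed)
    [int]   $PollSeconds = 60       # hypothetical sleep interval for the holder loop
)

$createdNew = $false
try {
    # initiallyOwned = $true: this process owns the mutex if it creates it.
    $mutex = [System.Threading.Mutex]::new($true, $MutexName, [ref]$createdNew)
}
catch {
    # Typically an access-denied error: the object exists under another owner's ACL.
    Write-Warning "Cannot open mutex '$MutexName': $($_.Exception.Message)"
    exit 2
}

if (-not $createdNew) {
    # Something else created the mutex first: another copy of this script,
    # or the ransomware itself. We do not own it, so raise it for triage.
    Write-Warning "Mutex '$MutexName' already existed on $env:COMPUTERNAME; investigate this host."
    $mutex.Dispose()
    exit 1
}

Write-Output "Holding mutex '$MutexName' (PID $PID). Stop the script to release it."
try {
    # A named mutex is destroyed when its last handle closes, so the
    # holder process must stay alive for the protection to last.
    while ($true) { Start-Sleep -Seconds $PollSeconds }
}
finally {
    # Closing the handle releases the object when the script is stopped.
    $mutex.Dispose()
}
```

Because an unprefixed mutex name is visible only inside the logon session that created it, the holder has to run in each session that needs the protection, and it complements rather than replaces the detection measures above.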
Indicators of compromise
Knowing the indicators of compromise is essential for detecting and responding quickly to an infection. Some of these indicators include specific executables, associated files, email domains and registry keys.
SOS Ransomware Service: Your shield against ransomware attacks
With the growing threat of ransomware like Pysa, it’s imperative to have a reliable partner to protect you. SOS Ransomware Service is your expert in preventing and responding to ransomware incidents. Don’t let your organization be the next victim. Contact SOS Ransomware Service today and strengthen your defense against cyberattacks.