PYSA Ransomware Accelerates its Pace of Targeting Victims

 

 

 

Security analysts have recently identified several attack trends and observed a significant increase in PYSA ransomware attacks. The attackers are focusing on the twin attempts to demand a ransom from the victims.

PYSA attack
The report of NCC Group highlights the huge increase in infections by PYSA Ransomware in the month of November.

        The gang pulls out the data from the target network and then encrypts the system. 

Additional trends and statistics
    The stolen files are used to negotiate ransom through a double-extortion strategy, where attackers threaten to leak data online if the ransom demand is denied.


In March, PYSA's activity reached danger level and the FBI issued an alert about its activity.

Everest group's new attack strategy
Another actor mentioned in the report is the Russian-speaking ransomware group Everest which uses a new extortion method.

    If the group's ransom demands are not met within a given time frame, the threat group claims to sell access to the victims' corporate networks to other cybercriminals.
   

Additional trends and statistics

    Other major ransomware families active during the same period include LockBit and Conti, which were targeting significant entities.

    Additionally, the report shows that there has been a 1.9% increase in ransomware attacks as compared to October.

    North America (154 victims) and Europe (96 victims) were the most targeted regions in November.