Details of new PYSA and Everest Ransomware


Britain-based data security firm NCC Group has released a report stating that most of the double extortion attacks launched in November 2021 were driven by PYSA ransomware, also known as Mespinoza.

In an analysis of the rise in malware, NCC Group found that over 50% of infections were linked to PYSA, which became dominant over other groups such as Lockbit and Conti.

As usual, PYSA ransomware first steals data and then encrypts the victim's database until a ransom is paid. If the victim cannot pay the demanded sum in cryptocurrency, the hackers threaten to release the data on the dark web.

The other ransomware group seen to be dominant in November this year is a Russian-speaking group named ‘Everest’.

Everest ransomware works a bit differently. It not only compromises a network but also threatens to sell access to the victim's network to other threat actors if the victim refuses to pay the demanded ransom in Bitcoin.

So, especially during Christmas 2021, when most firms are understaffed because of the holidays, it is best that they deploy proactive measures that deter ransomware deployment in corporate networks.

Note 1: The FBI and CISA released a ransomware alert stating that 2022 will see a rise in file-encrypting malware infections in the first and second quarters, as threat actors will try to use the Log4Shell exploit to deliver ransomware payloads.

Note 2: The Conti ransomware gang is reported to have developed an infection chain that uses Log4Shell exploits to execute attacks on vulnerable public and private networks.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security.
