The Federal Bureau of Investigation (FBI) has warned all educational institutes operating across 11 states in North America and the UK about a ransomware variant dubbed PYSA. The federal agency says that the file-encrypting malware has already hit around 21 K-12 higher education schools, private institutes, along with 4 universities so far, and that the victim list might grow by the end of this month.
As usual, the PYSA ransomware can send data to remote servers and then lock down the database with encryption until a ransom is paid. The attackers get in by compromising Remote Desktop Protocol (RDP) credentials or through phishing attacks.
FBI analysis says that the threat actors behind the attack use Advanced Port Scanner and Advanced IP Scanner to conduct network reconnaissance, and then download tools like PowerShell Empire, Koadic and Mimikatz, which help them deactivate the antivirus software on victim networks and conceal their activities.
The law enforcement agency says that the malicious files are hard to remove because they are hard to find on the infected machines.
So, it is better to safeguard the network proactively by taking regular backups, storing them at offline sites, and ensuring that critical data cannot be changed by anyone except those with admin privileges. Educating employees on how the current cyber landscape is evolving will also do a lot of good.
Also, keeping your operating system and other software up to date and changing passwords from time to time makes sense in such situations, experts say.
Disabling RDP, installing anti-virus software, and never clicking on email links sent by unknown people may well help.