PYSA, which has surpassed the Conti ransomware gang, has found success with government-sector attacks.
PYSA, also known as Mespinoza, has reached Conti as the leading ransomware threat group in November. It joined the ranks of Lock bit, which has dominated the space since August.
According to NCC Group's November ransomware insights, PYSA increased its market share with a 50% increase in the number of targeted organizations, including a 400% increase in attacks against government-sector systems.
Double-Extortion and Beyond
PYSA frequently uses double-extortion against its marks, exfiltrating and encrypting data before threatening to publicly publish the data if the victim does not pay the ransom.
The FBI issued a special alert about PYSA's focus on the education sector in March, warning schools to be on the lookout for phishing lures and brute-force Remote Desktop Protocol attacks as initial-access techniques.
Everest Changes Tactics to Sell Early Access
According to NCC Group, the Russian-language ransomware positioned Everest is getting its extortion tactics to the next level, threatening to sell off access to targeted systems if their demands are not met.
According to NCC Group, Everest would sometimes skip the ransom demand entirely and instead focus on selling access. Analysts are keeping a close eye on this to see if it sparks a new trend among other groups.
"While ransomware-as-a-benefit has grown in favour in the last year, this is an example of a group preceding a ransom demand and rather of delivering access to IT infrastructure – but we may witness copycat aggression in 2022 and beyond," the report said. According to the NCC Group, the regions with the most attacks are North America and Europe.
Conti is making a comeback.
Meanwhile, the Russian-language group Conti's prevalence fell by 9.1 percent. However, the threat group is expected to make amends in December by announcing that it was the first professional ransomware attacker to develop a full weaponized attack chain against the Log4Shell vulnerability.
According to an advance report from last week, Conti's advantage is its size: The organization "plays a unique role in today's threat landscape, owing to its size."
Airzero Sec's Cybersecurity experts have been working on a variety of projects for a number of well-known organizations for many years. Use our prior experience to your advantage, whether it's to assist you in getting there or to conduct technical tests. If you have any concerns about PYSA emerging as the leading ransomware actor, please contact us. Airzero Sec will be your companion.
Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/