PYSA Ransomware Accelerates its Pace of Targeting Victims

The PYSA attacks

• The report indicates a 50% surge in the number of organizations targeted by PYSA ransomware, along with a 400% rise recorded in victims in the government sector.
• The gang exfiltrates data from targeted networks and then encrypts systems.
• The stolen files are used for ransom negotiations via a double-extortion tactic, where the attackers threaten to leak the data online if victims deny ransom demands.

Everest group uses new attack tactic

• If the group’s ransom demands aren't fulfilled within a given negotiation time, the threat group claims to sell access to the corporate network of victims to other cybercriminals.
• This way, the victim company now needs to worry about the data leaks, as well as take immediate steps to prevent attacks by other threat actors using the same attack methods.

Additional trends and statistics

• Other prominent ransomware families active during the same duration include LockBit and Conti, which were targeting critical entities.
• Additionally, the report suggests that there has been a 1.9% increase in ransomware attacks in comparison to October.
• North America (154 victims) and Europe (96 victims) were the most targeted regions in November.
• Another notable trend was the exploitation of the Log4Shell exploit to spread ransomware payloads, where Conti already developed an infection chain based on the Log4Shell vulnerability.

Conclusion