FBI Issues Warning About PYSA Ransomware Attacks Targeting Educational Institutions in the US and UK

The FBI Cyber Division reported that it has monitored increased PYSA ransomware activity specifically targeting educational institutions in the US and UK.

“Since March 2020, the FBI has become aware of PYSA ransomware attacks against US and foreign government entities, educational institutions, private companies, and the healthcare sector by unidentified cyber actors,” said the FBI in the TLP:WHITE flash alert.

The targets were reportedly schools in 12 U.S. states and in the United Kingdom and encompassed higher education, K-12 schools, and seminaries.

PYSA, which is also known as Mespinoza, was first spotted in October 2019 and is known to be delivered through phishing emails or through stolen or compromised Remote Desktop Protocol (RDP) credentials.

PYSA also has data exfiltration and encryption capabilities, which could affect personally identifiable information (PII) and payroll tax information.

The FBI said that educational institutions should use a tool with Snort signatures created by CISA and consider the precautions in their alert.

The FBI also advised educational institutions not to pay PYSA ransoms and to report any suspected intrusions.

© Fourth Estate® — All Rights Reserved.