PYSA Ransomware Was Responsible For Most Double Extortion Cyberattacks in November


Ransomware attacks surged in November 2021, according to security researchers from NCC Group, with double-extortion remaining a key technique in threat actors’ arsenal. The attention of threat actors is increasingly turning to government organizations, which have been targeted 400 percent more than in October.

In November, the PYSA ransomware gang (also known as Mespinoza) stole the show, with a 50 percent spike in infections. Lockbit and Conti are two more major ransomware gangs that have conducted attacks against critical infrastructure, but in smaller numbers than in prior months.

The FBI issued a notice regarding PYSA’s activity increase after the first evidence of the actor’s activity reaching dangerous levels in March 2021. PYSA, like nearly all ransomware gangs currently active, steals data from a compromised network before encrypting the originals to disrupt operations.

The stolen files are used as a bargaining chip in ransom talks, with the attackers threatening to release the material publicly if a ransom is not paid. Everest, a Russian-speaking ransomware organization that presently employs a novel extortion strategy, is another entity profiled in the NCC study.

Everest provides access to the victim’s business network to other threat actors if their ransom demands aren’t paid within the allotted negotiating period. This approach adds to the problems faced by the affected entities since they now have to deal with several infections and attacks simultaneously.

“While selling ransomware-as-a-service has seen a surge in popularity over the last year, this is a rare instance of a group forgoing a request for a ransom and offering access to IT infrastructure – but we may see copycat attacks in 2022 and beyond,” as per NCC Group’s report.

The use of the Log4Shell vulnerability to distribute ransomware payloads is another trend predicted to skyrocket in December and the following months. Conti has already developed an infection chain based on the Log4Shell exploit, which it is expected to use to quickly launch cyberattacks on susceptible networks.

Because ransomware is a constantly evolving threat that swiftly adapts to new defenses, a range of security safeguards and procedures is needed to protect against it adequately. If you’re seeking the finest ransomware protection tips, start with CISA’s ransomware guide, which includes a good deal of strong security advice. With Christmas approaching and IT teams operating on a shoestring budget owing to the holidays, deploying protections even at the last minute might save the day.

About the author

CIM Team


CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.