PYSA ransomware behind most double extortion attacks in November


Security analysts from NCC Group report that ransomware attacks increased in November 2021 compared with the previous month, with double extortion continuing to be a powerful tool in threat actors’ arsenal.

Threat actors’ focus is also shifting to entities belonging to the government sector, which received 400% more attacks than in October.

The spotlight in November was stolen by the PYSA ransomware group (aka Mespinoza), which had an explosive rise in infections, recording an increase of 50%.

Other dominant ransomware groups are LockBit and Conti, which launched attacks against critical entities, albeit fewer than in previous months.

The first signs of PYSA activity reaching threatening levels became apparent in March 2021, leading to the FBI publishing an alert about the actor’s activity escalation.

Like almost all ransomware groups currently, PYSA exfiltrates data from the compromised network and then encrypts the originals to disrupt operations.

The stolen files are used as leverage in ransom negotiations, where the attackers threaten to publicly release data if a ransom is not paid.

PYSA data leak site

New extortion trends and tactics

Another actor the NCC Group report focuses on is Everest, a Russian-speaking ransomware gang that is currently using a new extortion method.

Whenever their ransom demands aren’t met within the allocated negotiation time, Everest sells access to the victim’s corporate network to other threat actors.

This practice creates additional troubles for the compromised entities, as they now have to manage multiple infections and repeated attacks simultaneously.

“While selling ransomware-as-a-service has seen a surge in popularity over the last year, this is a rare instance of a group forgoing a request for a ransom and offering access to IT infrastructure – but we may see copycat attacks in 2022 and beyond,” comments NCC Group’s report.

Another trend that is expected to have a meteoric rise in December and the coming months is the exploitation of the Log4Shell vulnerability to deploy ransomware payloads.

Already, Conti worked on developing an infection chain based on the Log4Shell exploit and is likely using it to rapidly execute attacks on vulnerable networks.

Ransomware is a shifting threat that quickly adapts to new defenses, so several security precautions and measures are required to protect against it sufficiently.

If you’re looking for the best prevention practices, you can start with CISA’s ransomware guide that offers several solid security recommendations.

With Christmas approaching and IT teams understaffed due to the holidays, applying defenses even at the last minute could prove a lifesaver.
