A New Ransomware is Targeting Finance, Government and Healthcare Organizations

A ransomware called Pysa is the new kid on the block. It was also the culprit behind file-encrypting attacks in November. This dominant strain was responsible for a 400% rise in attacks on government organizations at the end of last year (source: NCC Group).  

Who and what is Pysa?  

Pysa is a ransomware gang that utilizes double extortion to pressure victims to pay an extortion demand. In November, they dumped leaks from 50 previously compromised organizations (source). With a 50% increase in Pysa attacks in November, Pysa successfully overtook Conti ransomware and now joins Lockbit ransomware as the two most common types currently.  

Pysa ransomware most commonly targets government organizations, healthcare organizations and high-value financial institutions. Their strategy is to employ phishing techniques for credentials to compromise Remote Desktop Protocol (RDP) connections.  

As we continue to see an increase in ransomware attacks and growth of ransomware gangs, you may be wondering, what’s the end game? We’re seeing three key trends emerge from successful ransomware gangs:  

  1. Ransomware groups are offering paid access to the IT infrastructure of their victims. 
  1. Ransomware groups are threatening to release stolen data if a victim refuses to pay ransom. 
  1. Selling ransomware-as-a-service has surged in popularity in the last year. 

Where will all of this lead?  

Here’s our take: as long as organizations continue to pay ransom and there is money to be made, ransomware will continue to evolve.  

What does this mean for your organization?  

Security is as important as ever. As we build into 2022, make sure your organization is properly investing in IT security. Preventative security will be the key to success for organizations in 2022 and beyond.  

If Clarity Technology Group can support your organization with managed IT services and security, let’s chat. Get in touch with us here.