A group of cybercriminals is increasingly targeting colleges, schools and seminaries and attempting to extort them, the FBI’s Cyber Division has warned.
In an advisory to cybersecurity professionals and system administrators published Tuesday, the FBI said that criminals are leveraging software called PYSA ransomware to access IT networks, block access to vital information and systems through encryption, and demand payment to restore access.
In a double-extortion tactic that has also been employed by criminals using other types of ransomware, the criminals are not only requesting payment in exchange for making encrypted data accessible again. They are also threatening to sell sensitive information such as Social Security numbers on the dark web if institutions or affected individuals do not meet demands.
PYSA ransomware, also known as Mespinoza, has recently been used in attacks on educational institutions in 12 U.S. states and the United Kingdom, the FBI reported. The agency became aware of PYSA in March 2020. In addition to educational institutions, the ransomware has been involved in attacks on government entities, private companies and the health-care sector. The criminals behind PYSA ransomware have not been identified.