Understand your needs
Improve our services
Deliver personalised content
Save your preferences
Analyse visitor interactions
Your consent is voluntary – you can always change you cookie settings here.
Pysa ransomware was first spotted in 2019 and quickly became one of the most notorious cyber threats online. It targets higher education institutions, healthcare providers, and private companies in the US and beyond. How dangerous is Pysa, and how can you spot it?
Dec 14, 2021 · 4 min read
Pysa stands for “Protect your system amigo”, which is a sentence included in a ransom note left on infected devices. Hackers use phishing emails, brute-force attacks on servers in which RDP (Remote Desktop Protocol) or AD (Active Directory) is open to the internet, and social engineering techniques to spread Pysa ransomware and lock victims out of their files.
Pysa is categorized as a ransomware-as-a-service (RaaS), which means that its developers offer ransomware for other criminal organizations that usually don’t have capabilities of producing their own malicious programs. The previous version of this ransomware was known as Mespinoza.
Bad actors behind Pysa target high-value organizations like government institutions or healthcare providers that are more sensitive to timing. Imagine if a hospital was locked out of its patients’ data and couldn’t access its IT systems. Every wasted minute could be fatal and lead to damaged reputation, financial losses, and lawsuits.
When Pysa encrypts your files, they all acquire the .pysa filename extension. Let’s say you have a file called “cat.avi”. After your device is infected with ransomware, the filename will change to “cat.avi.pysa”. Hackers also leave instructions on how to retrieve your files in a .txt file, which contains an email you need to contact.
Victims are also allowed to send two files (no more than 2 MB) to criminals, so they can decrypt them and prove that their ransom demands are serious.
Pysa encrypts all non-system files using AES encryption combined with RSA. Even if you delete the ransomware from your computer and restore your system, your files will still be inaccessible.
Before encrypting your files, hackers steal all sensitive data from the targeted computer, so they have leverage against you. If you refuse to meet ransom demands, they can dump all the stolen data on the dark web.
However, you can never be sure if hackers will decrypt your files even after paying them. Cybersecurity experts discourage people from paying criminals and feeding their business model.
Train your staff. Raising awareness among your employees about phishing emails and ransomware is key to successfully fighting cyber criminals. Many organizations conduct phishing simulations, so their employees can learn how to identify malicious emails.
Update your software on time. Postponing software updates can put a device at serious risk, as criminals might exploit a bug that was fixed months ago. Even in global corporations you can still find employees running old versions of software that should have been updated multiple times.
Use strong passwords. Make sure to use uppercase and lowercase letters combined with special characters and numbers in your passwords. It’s important to create unique passwords for all your accounts, as one compromised account could open the gates to all the services you use.
Backup your files. Many people think nothing will even happen to them until it does. Don’t take unnecessary risks and always back up your sensitive data. You can never be sure if you won’t end up with malware, ransomware, or any other malicious program on your computer.
Use a VPN. A VPN redirects your internet data through an encrypted tunnel, thus improving your online security. If you often connect to public networks, having a VPN enabled on your device is crucial for staying safe. With one NordVPN account, you can protect up to six different devices: laptops, tablets, smartphones, and more. NordVPN has more than 5,200 servers in 60 countries, providing users with the best speeds in the VPN industry. While a VPN won’t directly protect against malware infection, it will raise overall security substantially.
Businesses can also benefit from NordLayer, which allows employees to securely access their company’s data and online resources.