Saturday, January 16, 04:30

France: New ransomware gang targets local government networks

The French cybersecurity agency, France CERT (CERT-FR), has issued a warning about a new ransomware gang that has already carried out attacks on local government networks.

According to the security team, the criminals are attacking with a new version of the Mespinoza ransomware, also known as the Pysa ransomware.

This ransomware was first detected in October 2019. According to reports published at the time, victims said that their encrypted files were given the .locked extension.

A new version of Mespinoza was detected two months later, in December 2019. This time, the ransomware was appending the .pysa extension to the encrypted files. For this reason, it is also known as Pysa.

In these attacks, most of the victims were companies. This suggests that the team behind this new ransomware was aiming mainly at the networks of large corporations, evidently so that it could demand larger ransoms.

Now, CERT-FR says that the gang behind the Pysa ransomware is targeting French organizations. The agency has received multiple reports of attacks.

We do not know how the ransomware gang infects its victims

CERT-FR says it is continuing its investigation to find out how the Pysa group gains access to victims' networks. However, there are some data that help researchers make some assumptions.

For example, CERT-FR stated that there is evidence to suggest that the Pysa gang begins with brute-force attacks on management consoles and Active Directory accounts.

Then, the hackers steal the company's databases of accounts and passwords.

The victims also reported seeing unauthorized RDP connections to domain controllers.

In addition, the Pysa gang developed a version of the PowerShell Empire penetration-testing tool, stopped several antivirus products and in some cases uninstalled Windows Defender.

CERT-FR said it also found a new file extension. Instead of .pysa, the ransomware was appending the extension .newversion.
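The brute-force attempts and unauthorized RDP connections to domain controllers that CERT-FR describes can be looked for in Windows logon events. The following Python example is added here and is not part of the CERT-FR report or of the original article; the event records, host names, IP addresses, allow-list and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions (hypothetical inventory, not from the article):
DOMAIN_CONTROLLERS = {"DC01"}        # hosts that are domain controllers
ADMIN_WORKSTATIONS = {"10.0.1.10"}   # sources allowed to RDP to a DC

def ev(time, event_id, src, logon_type, host="DC01"):
    return {"time": "2020-03-18T" + time, "id": event_id, "src": src,
            "type": logon_type, "host": host}

# Constructed sample records shaped like Windows Security events:
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RDP.
EVENTS = [ev(f"02:10:{s:02d}", 4625, "10.0.5.77", 3) for s in range(0, 50, 10)] + [
    ev("02:12:00", 4624, "10.0.5.77", 10),   # RDP logon right after the failures
    ev("08:00:00", 4625, "10.0.3.3", 3),     # ordinary mistyped password
    ev("08:00:05", 4625, "10.0.3.3", 3),
    ev("09:00:00", 4624, "10.0.1.10", 10),   # approved admin workstation
    ev("23:40:00", 4624, "10.0.9.9", 10),    # RDP to a DC from an unknown source
]

def detect(events, threshold=5, window=timedelta(minutes=10)):
    """Return (alert, source, host) tuples in chronological order."""
    failures = defaultdict(list)  # source -> timestamps of recent failed logons
    alerts = []
    for e in sorted(events, key=lambda x: x["time"]):
        ts, src = datetime.fromisoformat(e["time"]), e["src"]
        # Keep only failures inside the sliding window for this source.
        failures[src] = [t for t in failures[src] if ts - t <= window]
        if e["id"] == 4625:
            failures[src].append(ts)
            if len(failures[src]) == threshold:
                alerts.append(("bruteforce", src, e["host"]))
        elif (e["id"] == 4624 and e["type"] == 10
              and e["host"] in DOMAIN_CONTROLLERS
              and src not in ADMIN_WORKSTATIONS):
            kind = "rdp_to_dc_after_failures" if failures[src] else "rdp_to_dc"
            alerts.append((kind, src, e["host"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

An RDP logon to a domain controller from a source that has just produced a burst of failed logons is the highest-priority alert of the three.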

Researchers said they analyzed the ransomware and its encryption algorithms, but failed to find any flaws that would allow victims to avoid paying the ransom and decrypt their files for free.

According to CERT-FR, the Pysa ransomware code is "specific and very short" and "based on public Python libraries".

However, the attacks are not limited to France. Security researchers revealed that the ransomware gang targets both business and government networks around the world.

Big-game hunter

Mespinoza / Pysa is the latest ransomware gang to engage in "big game hunting", or "human-operated ransomware". This means that the gangs target "high-profile" companies, breach their networks and then manually install the ransomware in those networks.

Other ransomware gangs that specialize in "big game hunting" are Ryuk, REvil (Sodinokibi), LockerGoga, RobbinHood, DoppelPaymer, Maze and many others.


Absent Mia