Friday, October 23, 03:09
France: New ransomware gang targets local government networks

The French cybersecurity agency, CERT-FR, has issued a warning about a new ransomware gang that has already carried out attacks on local government networks.

According to the agency, the attackers are using a new version of the Mespinoza ransomware, known as Pysa.

This ransomware was first detected in October 2019. According to reports published at the time, victims said their encrypted files were given the .locked extension.

A new version of Mespinoza was detected two months later, in December 2019. This time the ransomware appended the .pysa extension to encrypted files, which is why it is also known as Pysa.

Most of the victims in these attacks were companies. This suggests that the team behind the new ransomware was aiming mainly at large corporate networks, presumably in order to demand larger ransoms.

Now CERT-FR says that the gang behind the Pysa ransomware is targeting French organizations; the agency has received multiple notifications of attacks.

It is not yet known how the ransomware gang infects its victims

CERT-FR says it is still investigating how the Pysa group gains access to victims' networks. However, some of the available data allow researchers to make assumptions.

For example, CERT-FR stated that there is evidence suggesting the Pysa gang begins with brute-force attacks on management consoles and Active Directory accounts.

The attackers then steal account databases and the company's passwords.

The victims also reported seeing unauthorized RDP connections to domain controllers.

In addition, the Pysa gang developed a version of the PowerShell Empire penetration-testing tool, stopped several antivirus products and in some cases uninstalled Windows Defender.

CERT-FR said it also found a new file extension: instead of .pysa, the ransomware was appending .newversion to encrypted files.
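As an added illustration, not part of the CERT-FR advisory or this article, the following Python sketch shows how a defender could look for the chain described above in Windows Security events: repeated failed logons (event ID 4625) for one account from one source, followed by an RDP logon (event ID 4624, logon type 10) from that same source to a domain controller, plus files carrying the .locked, .pysa or .newversion extensions. The event records, hostnames, accounts, addresses and paths are constructed placeholders, and the brute-force threshold is an assumption.

```python
from collections import defaultdict

# Extensions the article associates with Mespinoza/Pysa-encrypted files.
RANSOM_EXTENSIONS = (".locked", ".pysa", ".newversion")
# Assumed: failed logons from one source against one account before we call it brute force.
BRUTE_FORCE_THRESHOLD = 5
# Constructed sample events in time order, shaped loosely like Windows Security
# log records (4625 = failed logon, 4624 = successful logon, logon type 10 = RDP).
# Hostnames, accounts and addresses are made-up placeholders.
SAMPLE_EVENTS = (
    [{"host": "DC01", "event_id": 4625, "account": "adm_jdoe", "src": "10.0.5.23"}] * 6
    + [{"host": "DC01", "event_id": 4624, "logon_type": 10, "account": "adm_jdoe", "src": "10.0.5.23"}]
    + [{"host": "DC01", "event_id": 4625, "account": "helpdesk", "src": "10.0.7.9"}]
    + [{"host": "FS02", "event_id": 4624, "logon_type": 10, "account": "helpdesk", "src": "10.0.7.9"}]
)
DOMAIN_CONTROLLERS = {"DC01", "DC02"}
SAMPLE_PATHS = [r"C:\Shares\finance\budget.xlsx.pysa", r"C:\Shares\hr\contracts.docx",
                r"D:\backup\db.bak.newversion"]

def brute_force_then_rdp(events, dc_hosts, threshold=BRUTE_FORCE_THRESHOLD):
    """Return (src, account) pairs that failed to log on at least `threshold`
    times and later succeeded with an RDP logon to a domain controller.
    Events must be in chronological order for 'later' to hold."""
    failures = defaultdict(int)
    hits = set()
    for e in events:
        key = (e["src"], e["account"])
        if e["event_id"] == 4625:
            failures[key] += 1
        elif (e["event_id"] == 4624 and e.get("logon_type") == 10
              and e["host"] in dc_hosts and failures[key] >= threshold):
            hits.add(key)
    return sorted(hits)

def ransom_extension_files(paths):
    """Return paths whose extension matches one reported for Pysa/Mespinoza."""
    return [p for p in paths if p.lower().endswith(RANSOM_EXTENSIONS)]

def triage(events, dc_hosts, paths):
    """Combine both checks into one report a responder can act on."""
    return {"brute_force_then_rdp_to_dc": brute_force_then_rdp(events, dc_hosts),
            "ransom_extension_files": ransom_extension_files(paths)}

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS, DOMAIN_CONTROLLERS, SAMPLE_PATHS))
```

The single helpdesk failure followed by an RDP logon to a file server is deliberately left in the sample so the correlation only fires for the source that both brute-forced an account and then reached a domain controller.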

Researchers said they analyzed the ransomware and its encryption algorithms but found no flaws that would allow victims to decrypt their files for free without paying the ransom.

According to CERT-FR, the Pysa ransomware code is "specific and very short" and "based on public Python libraries".

However, the attacks are not limited to France. Security researchers have revealed that the ransomware gang targets both business and government networks around the world.

Big-game hunter

Mespinoza/Pysa is the latest ransomware gang engaged in "big game hunting", also called "human-operated ransomware". This means the gangs target high-profile companies, break into their networks and then install ransomware on them.

Other ransomware gangs specializing in "big game hunting" include Ryuk, REvil (Sodinokibi), LockerGoga, RobbinHood, DoppelPaymer, Maze and many others.
