Sunday, August 9, 15:20

France: New ransomware gang targets local government networks

The French Cyber Security Agency, France CERT (CERT-FR), issued a warning about a new ransomware gang that has already carried out attacks on local government networks.

According to the security team, the criminals are attacking with a new version of the Mespinoza ransomware, also known as Pysa ransomware.

This ransomware was first detected in October 2019. According to reports published at the time, victims said that their encrypted files were given the .locked extension.

A new version of Mespinoza was detected two months later, in December 2019. This time, the ransomware appended the .pysa extension to the encrypted files. For this reason, it is also known as Pysa.

In these attacks, most of the victims were companies. This suggests that the team behind this new ransomware aimed mainly at large corporate networks, evidently so that it could demand larger ransoms.

Now, CERT-FR says that the gang behind the Pysa ransomware is targeting French organizations. The agency has received multiple reports of attacks.

We do not know how the ransomware gang infects its victims

CERT-FR says it is continuing its investigation to find out how the Pysa group gains access to victims' networks. However, some data helps researchers make assumptions.

For example, CERT-FR stated that there is evidence to suggest that the Pysa gang begins with brute-force attacks on management consoles and Active Directory accounts.

Then, the hackers steal the company's databases of accounts and passwords.

The victims also reported seeing unauthorized RDP connections to domain controllers.
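The pattern described above (a burst of failed logons followed by an RDP session on a domain controller) can be checked for in exported logon events. The following is an added example, not code from CERT-FR or from this article; it assumes events exported as dictionaries using the Windows Security event IDs 4625 and 4624, and the host name, IP addresses, threshold and time window are constructed values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _ev(time, event_id, host, src_ip, user, logon_type=None):
    return {"time": time, "event_id": event_id, "host": host,
            "src_ip": src_ip, "user": user, "logon_type": logon_type}

# Constructed sample events (not real logs). Event IDs follow the Windows
# Security log: 4625 = failed logon, 4624 = successful logon;
# logon_type 10 = RemoteInteractive (RDP). Hosts and IPs are made up.
SAMPLE_EVENTS = (
    [_ev(f"2020-01-01T02:0{i}:00", 4625, "DC01", "203.0.113.7", "admin")
     for i in range(6)]
    + [_ev("2020-01-01T02:07:00", 4624, "DC01", "203.0.113.7", "admin", 10),
       # Benign: one mistyped password, then a normal admin RDP session.
       _ev("2020-01-01T09:00:00", 4625, "DC01", "10.0.0.5", "alice"),
       _ev("2020-01-01T09:01:00", 4624, "DC01", "10.0.0.5", "alice", 10)]
)

def find_bruteforce_then_rdp(events, dcs=frozenset({"DC01"}),
                             threshold=5, window=timedelta(minutes=10)):
    """Alert when a source IP accumulates `threshold` failed logons within
    `window` and then opens a successful RDP session on a domain controller.
    `dcs`, `threshold` and `window` are assumed tuning values."""
    failures = defaultdict(deque)   # src_ip -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        ts = datetime.fromisoformat(ev["time"])
        recent = failures[ev["src_ip"]]
        while recent and ts - recent[0] > window:   # expire old failures
            recent.popleft()
        if ev["event_id"] == 4625:
            recent.append(ts)
        elif (ev["event_id"] == 4624 and ev["logon_type"] == 10
              and ev["host"] in dcs and len(recent) >= threshold):
            alerts.append({"time": ev["time"], "host": ev["host"],
                           "src_ip": ev["src_ip"], "user": ev["user"],
                           "failed_before": len(recent)})
            recent.clear()          # one alert per burst
    return alerts

if __name__ == "__main__":
    for alert in find_bruteforce_then_rdp(SAMPLE_EVENTS):
        print(alert)
```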

In addition, the Pysa gang developed a version of the PowerShell Empire penetration-testing tool, stopped several antivirus products and, in some cases, uninstalled Windows Defender.

CERT-FR said it also found a new file extension. Instead of .pysa, the ransomware was appending the .newversion extension.

Researchers said they analyzed the ransomware and its encryption algorithms, but failed to find any flaws that would allow victims to avoid paying the ransom and decrypt their files for free.

According to CERT-FR, the Pysa ransomware code is "specific and very short" and "based on public Python libraries".

However, the attacks are not limited to France. Security researchers revealed that the ransomware gang targets both business and government networks around the world.

Big-game hunter

Mespinoza / Pysa is the latest ransomware gang to engage in "big game hunting" or "human-operated ransomware". This means that the gangs target "high-profile" companies, breach their networks and then install ransomware on them.

Other ransomware gangs specializing in "big game hunting" include Ryuk, REvil (Sodinokibi), LockerGoga, RobbinHood, DoppelPaymer, Maze and many others.

