FBI TLP White Report: Increase in PYSA Ransomware Targeting Education Institutions – March 16, 2021

Alert Number
CP-000142-MW

FBI reporting has indicated a recent increase in PYSA ransomware targeting education institutions in 12 US states and the United Kingdom. PYSA, also known as Mespinoza, is a malware capable of exfiltrating data and encrypting users’ critical files and data stored on their systems. The unidentified cyber actors have specifically targeted higher education, K-12 schools, and seminaries. These actors use PYSA to exfiltrate data from victims prior to encrypting victim’s systems to use as leverage in eliciting ransom payments.

View the entire report under Key Resources.

Related Resources

Infographics
Public
The Russian Foreign Intelligence Service, known as SVR, poses a significant risk to U.S. and allied government networks.
Letter/Comment
Public
The AHA shares with Senate and House leaders the association’s recommendations for infrastructure investments that should be included in an upcoming…
Guides/Reports
Public
Health care is increasingly moving to a digital platform. Recent major investments in health information technology, such as electronic health records and…
Issue Landing Page
The AHA has created a panel of a limited number of highly-reputable and qualified cybersecurity service providers to support AHA member hospitals and health…
Testimony
Public
John Riggi, AHA senior advisor for cybersecurity and risk, testimony before the Senate Homeland Security and Governmental Affairs Committee on defending…
Special Bulletin
Member
Federal agencies this morning are providing new information on an imminent ransomware threat to U.S. hospitals.