Security analysts have identified several attack trends recently and noted a significant increase in PYSA ransomware attacks. The attackers are focusing on double-extortion attempts to demand ransom from victims.

The PYSA attacks

The NCC Group report highlights a massive rise in infections by the PYSA ransomware in the month of November.
  • The report indicates a 50% surge in the number of organizations targeted by PYSA ransomware, along with a 400% rise recorded in victims in the government sector.
  • The gang exfiltrates data from targeted networks and then encrypts systems.
  • The stolen files are used as leverage in ransom negotiations via a double-extortion tactic, where the attackers threaten to leak the data online if victims refuse the ransom demands.

In March, PYSA's activity reached threatening levels and the FBI issued an alert about it.

Everest group uses new attack tactic

Another actor mentioned in the report is the Russian-speaking ransomware group Everest that uses a new extortion method.
  • If the group’s ransom demands aren't fulfilled within a given negotiation time, the threat group claims to sell access to the corporate network of victims to other cybercriminals.
  • As a result, the victim company must worry about data leaks and also take immediate steps to prevent attacks by other threat actors using the same attack methods.

Additional trends and statistics

  • Other prominent ransomware families active during the same period include LockBit and Conti, which were targeting critical entities.
  • Additionally, the report suggests that there has been a 1.9% increase in ransomware attacks in comparison to October.
  • North America (154 victims) and Europe (96 victims) were the most targeted regions in November.
  • Another notable trend was the exploitation of the Log4Shell vulnerability to spread ransomware payloads; Conti has already developed an infection chain based on it.

Conclusion

Ransomware operators are known for adapting to the latest trends and quickly evolving attack techniques to dodge detection. Such evolutions make it harder for security solutions to detect or stop the threat. Thus, organizations should always invest more in robust anti-ransomware security measures.

Cyware Publisher
