Pysa Ransomware: Overview, Operation Mode, Prevention

The Pysa ransomware has been deployed since at least October 2018. Its initial versions created encrypted files with the “.locked” extension, which is common among ransomware. A new version has been detailed in open sources since December 2019; it is called Pysa because it creates encrypted files with the “.pysa” extension.

What is Pysa Ransomware?

PYSA is a form of ransomware that is increasingly being employed in “big game” attacks, in which attackers select their targets based on their projected ability to pay. PYSA is an acronym for “Protect Your System Amigo,” a phrase included in the ransom note left for the victim. According to cybersecurity analysts, Pysa is a variant of the Mespinoza ransomware family and has been active since at least October 2019.

The malicious software exfiltrates sensitive information before encryption and uses the stolen data to force the victim to pay a ransom in exchange for the files.

Pysa (also known as Mespinoza) is a human-operated ransom tool created by an as-yet-unidentified advanced persistent threat group. As with other popular ransomware in 2020, such as Ryuk and Maze, Pysa focuses on high-value financial

