FBI Warns of Increase of PYSA Ransomware Targeting Educational Institutions

FBI Warns of Increase of PYSA Ransomware Targeting Educational Institutions

The Federal Bureau of Investigation (FBI) Cyber Division recently released a warning to cybersecurity professionals in the U.S. According to the warning, they detected increased PYSA ransomware activity specifically targeting educational institutions. While singling out educational organizations, the FBI notes the PYSA ransomware surge is also targeting governmental organizations, private enterprises, and the healthcare sector. 

The PYSA ransomware family uses reconnaissance and manual uploading the payloads to infect victim systems, with phishing attacks planting the initial malware. As always, the FBI recommends not paying the ransom on any ransomware attack as it promotes more cyber-threats in the future. Instead, they ask that infected organizations report ransomware attacks to the FBI immediately.  

We spoke with several prominent cybersecurity experts to glean more about this new ransomware family and the implications of its surge. 

Expert Commentary: PYSA Ransomware 

Bryan Embrey

Bryan Embrey is Director of Product Marketing of Zentry Security

“While it is surprising that attackers are now targeting seminaries, leveraging RDP as an attack vector is not. RDP has certain weaknesses that can be mitigated and addressed by deploying zero trust technologies such as single sign-on (SSO) and multi-factor authentication (MFA). SSO offers ways for organizations to provide strong password usage as well as reducing the chance of credential theft, while MFA ensures that only authenticated users get access to sensitive applications and resources. Most notably, RDP has been vulnerable to BlueKeep, a vulnerability identified – and patched – in 2019. Organizations, including seminaries, should check to ensure their systems are patched.”

James Carder

James Carder is Chief Security Officer at LogRhythm.

“Educational institutions are big targets for hackers as thousands of people’s sensitive information is potentially involved, and the substantial shift towards e-learning has made them even more appealing to hackers and ransomware. These attacks on schools can bring education to a halt while potentially exposing every student and teacher’s personal data within the organization. Parents are also targets and may be coerced into paying ransom for personal information or school assignments if the information falls into bad actors’ hands.

This FBI warning is an important reminder that educational institutions need to take a proactive approach and invest in cybersecurity solutions that detect malicious behavior and enable network infrastructure to block any further access attempts. Institutions should patch aggressively, create backups, prepare a response plan, and prioritize educational training to ensure they are equipped to handle attacks and proceed without disruption.”

Mark Bagley

Mark Bagley is VP of Product of AttackIQ

“Student data, like all personally-identifiable information, is an attractive target for ransomware groups, and the recent FBI advisory serves as a reminder that adversaries are continuing to take advantage of the global pandemic by targeting virtual learning environments.

Educational institutions that have adopted a threat-informed defense will be at a significant advantage compared to peers who have not done so. Understanding common adversary tactics, techniques, and procedures as outlined by the MITRE ATT&CK framework creates the foundation for a more resilient security program and makes it possible to continuously evaluate the state of their defenses when paired with automation.

Thanks to these experts for their time and expertise. For more, please consult our SIEM Buyer’s Guide.

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner