The relatively new Pysa ransomware was the dominant strain behind file-encrypting attacks in November and saw a 400% rise in attacks on government organizations, according to analysis by security company NCC Group.
Pysa is one of the ransomware gangs using double extortion to pressure victims into paying an extortion demand, and it dumped leaks from 50 previously compromised organizations last month. Overall in November, the number of Pysa attacks increased 50%, which means it overtook Conti to join Lockbit in the top two most common versions of the malware. Conti and Lockbit had been the dominant strains since August, according to NCC Group.
Inexplicably, Pysa leaks data from targets weeks or months after attempting to extort them. The large-scale data dump followed joint US and EU law enforcement action against some members of the REvil ransomware gang, which was behind the attack on IT vendor Kaseya.
Also known as Mespinoza, the Pysa gang seeks out evidence of crime among targets to use as leverage during typically multi-million dollar extortion negotiations.