Ransomware
PYSA
First seen: 2019-10 • Status: active
Currently Active Threat
PYSA ransomware loves attacking schools and hospitals. They use common IT tools against their victims.
Overview
PYSA (Protect Your System Amigo) heavily targets education and healthcare. They use Advanced Port Scanner and PsExec.
Also Known As
Mespinoza
How It Spreads
- • RDP exploitation
- • Phishing
What It Does
- • File encryption
- • Data theft
- • Education targeting
Is your business exposed?
Target Platforms
Windows
Detection Tips
- • Monitor for PsExec abuse
- • Watch education sector
MITRE ATT&CK Techniques
T1486, T1021
If You're Infected
- 1.
Restrict PsExec use
Is your business exposed?
Check if your company data is circulating on the dark web
Free scan • No credit card required