Sign Up
Log in

Pysa Ransomware

PYSA OVERVIEW

The Pysa Ransomware is a popular Ransomware-as-a-Service (RaaS) that has been observed operating since at least mid-2019. The name “Pysa” is possibly derived from the Zanzibari coin of the same name. The actors have also claimed the name to be an acronym for “Protect Your System Amigo.”

ACTORS

It should be noted that the actors that use the Pysa RaaS also frequently engage in doxware operations where they exfiltrate data pre-encryption and threaten to disclose it on their leak site should the ransom not be paid.

OBSERVABLES

Hi Company,

Every byte on any types of your devices was encrypted.
Don't try to use backups because it were encrypted too.

To get all your data back contact us:
[email protected]
[email protected]
--------------

FAQ:

1.
   Q: How can I make sure you don't fooling me?
   A: You can send us 2 files(max 2mb).

2.
   Q: What to do to get all data back?
   A: Don't restart the computer, don't move files and write us.

3.
   Q: What to tell my boss?
   A: Protect Your System Amigo.

Ref: https://dissectingmalwa.re/another-one-for-the-collection-mespinoza-pysa-ransomware.html

Get the Free Hunt Packages!
Check Out Other Emerging Threats >

Join our newsletter

  • This field is for validation purposes and should be left unchanged.

Follow Us

Twitter Linkedin Youtube

Discover More!

TECHNICAL WALKTHROUGH

SEE THE POWER OF THREAT HUNTING IN YOUR ENVIRONMENT & ON YOUR TOOLS TODAY!

Schedule a WALKTHROUGH!

Subscribe to our newsletter

  • This field is for validation purposes and should be left unchanged.
Linkedin Discord Podcast Spotify Youtube Twitter Tiktok Instagram Facebook Github
© Copyright 2024 Cyborg Security Security, Inc. All Rights Reserved
Website by Squeeze Marketing