Close

Get in Touch

Contact us to learn more about our elite cybersecurity services and industry-leading technologies.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Close
Breachquest

Emergency Incident Assistance

Is your network under attack? Get in touch with a
BreachQuest Specialist right away with this form.

You can also reach us by calling our 24/7 hotline.

+1 888 409 5811

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

You can also reach us by calling our 24/7 hotline.

+1 888 409 5811

PYSA

Pysa is a variant of the strain known as Mespinoza and is Ransomware as a Service (RaaS) that the attackers sell access to. It typically targets high-level institutions and it acts in a similar manner to other ransomware tools Sodinokibi and Ryuk. The most common sector appears to be education, but other victims include those in manufacturing, medical, construction, transport, retail, and local governments. The malware gets into a system through phishing scams, RDP attacks, or brute-force attacks. Once inside, it steals account credentials, financial data, legal documents, and other forms of sensitive information. Then, as is typical of ransomware, it encrypts the machines on the network and the attackers demand money to decrypt the data, typically in the form of cryptocurrency. The data is posted to a group-controlled website that displays the slogan “Protect Your System Amigo.”

Go Back Go to Glossary index
Share this article:

Sign up for our newsletter to get more industry news and insights.

Related Resources

Pysa the Ransomware is Attacking Schools

Learn more