PYSA OVERVIEW
The Pysa Ransomware is a popular Ransomware-as-a-Service (RaaS) that has been observed operating since at least mid-2019. The name "Pysa" is possibly derived from the Zanzibari coin of the same name. The actors have also claimed the name to be an acronym for "Protect Your System Amigo."
ACTORS
It should be noted that the actors that use the Pysa RaaS also frequently engage in doxware operations where they exfiltrate data pre-encryption and threaten to disclose it on their leak site should the ransom not be paid.
OBSERVABLES
Hi Company,
Every byte on any types of your devices was encrypted.
Don't try to use backups because it were encrypted too.
To get all your data back contact us:
[email protected]
[email protected]
--------------
FAQ:
1.
Q: How can I make sure you don't fooling me?
A: You can send us 2 files(max 2mb).
2.
Q: What to do to get all data back?
A: Don't restart the computer, don't move files and write us.
3.
Q: What to tell my boss?
A: Protect Your System Amigo.
Ref: https://dissectingmalwa.re/another-one-for-the-collection-mespinoza-pysa-ransomware.html