Notices
In an effort to better communicate with the Hamilton College community of ongoing information security notices and alerts this Notices and Alerts page seeks provide information on cybersecurity activity targeted at the Hamilton Community and the broader higher education community. Awareness and education are the strongest defense to stop malicious activity and protect Hamilton's systems, data, and people. For any information security concerns contact infosec@hamilton.edu.
FBI WARNS INCREASE IN PYSA RANSOMWARE TARGETING EDUCATION INSTITUTIONS
March 16, 2021
Tags FBI Information Security Ransomware
(https://www.bleepingcomputer.com/news/security/fbi-warns-of-escalating-pysa-ransomware-attacks-on-education-orgs/)
The Federal Bureau of Investigation (FBI) Cyber Division has warned system administrators and cybersecurity professionals of increased Pysa ransomware activity targeting educational institutions.
The CP-000142-MW flash alert issued by the FBI today was coordinated with DHS-CISA and it provides indicators of compromise to help guard against the malicious actions of this ransomware gang.
"Since March 2020, the FBI has become aware of PYSA ransomware attacks against US and foreign government entities, educational institutions, private companies, and the healthcare sector by unidentified cyber actors," the FBI says in the TLP:WHITE flash alert.
"FBI reporting has indicated a recent increase in PYSA ransomware targeting education institutions in 12 US states and the United Kingdom. The unidentified cyber actors have specifically targeted higher education, K-12 schools, and seminaries."
The FBI recommends not paying Pysa ransomware's ransoms since giving in to their demands will most likely fund future ransomware attacks and encourage them to target other potential victims.
However, the FBI understands the damages educational institutions face following such attacks and urges them to report the attacks as soon as possible to the local FBI field office or the Internet Crime Complaint Center (IC3), regardless of their decision to pay for a decryptor or not.
Reporting the attack will provide "critical information" like phishing emails, ransomware samples, ransom notes, and network traffic logs which could help prevent or counter future attacks, as well as identify and hold the attackers accountable for their malicious activity.
Contact
Contact Name
Jerry Tylutki
Director of Information Security and Privacy