PYSA Ransomware Targeting Schools

There has recently been a string of attacks targeting schools with ransomware known as PYSA. PYSA compromises a network through the Remote Desktop Protocol (RDP), either by exploiting a vulnerability or by using compromised credentials to log in to the service.

After the attackers have access to the network, they start spreading to other machines and stealing any data they deem valuable. Once they have the data they want, the attackers encrypt the computers on the network.

Users will then be locked out of their computers, and the lock screen will show instructions on how to get their data back. The attackers threaten to release the data they stole on the dark web and to never unlock the computers.

Attacks in the past have used a service called to upload files to a storage folder in the cloud by downloading a client on the victim PC that uploads data. Attackers have somewhat strayed away from this method as it leaves a lot of evidence.

The attackers will also upload malware to the computer so that they can have persistent access.
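Because the entry point described above is an RDP login with compromised credentials, Windows logon events are a practical place to look for it. The following is an added example, not code from the original article: it flags successful RDP logons (event 4624, logon type 10) that follow a burst of failed logons (event 4625) from the same address, or that come from outside the local network. The CSV layout, LAN range, window and threshold are assumptions, and the sample events are constructed.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample: exported Windows Security events (not real data).
# Columns: time, event ID, logon type, account, source IP.
SAMPLE_EVENTS = """\
2021-03-01T02:10:05,4625,3,admin,203.0.113.7
2021-03-01T02:10:09,4625,3,admin,203.0.113.7
2021-03-01T02:10:14,4625,3,teacher1,203.0.113.7
2021-03-01T02:10:20,4625,3,frontdesk,203.0.113.7
2021-03-01T02:10:31,4624,10,frontdesk,203.0.113.7
2021-03-01T08:02:00,4625,3,jsmith,10.0.4.21
2021-03-01T08:02:30,4624,10,jsmith,10.0.4.21
2021-03-01T09:15:00,4624,10,vendor,198.51.100.9
"""

INTERNAL_NETS = [ip_network("10.0.0.0/8")]  # assumption: the school's LAN range
WINDOW = timedelta(minutes=10)              # assumption: look-back window
FAIL_THRESHOLD = 4                          # assumption: failures before alerting

def is_internal(addr):
    return any(ip_address(addr) in net for net in INTERNAL_NETS)

def find_suspicious_rdp_logons(text):
    """Return (time, account, source_ip, reason) for each flagged RDP success."""
    failures = defaultdict(deque)  # source IP -> times of recent failed logons
    alerts = []
    for ts, event_id, logon_type, account, src in csv.reader(io.StringIO(text)):
        when = datetime.fromisoformat(ts)
        recent = failures[src]
        while recent and when - recent[0] > WINDOW:
            recent.popleft()       # forget failures older than the window
        if event_id == "4625":     # failed logon
            recent.append(when)
        elif event_id == "4624" and logon_type == "10":  # RemoteInteractive (RDP)
            if len(recent) >= FAIL_THRESHOLD:
                alerts.append((ts, account, src, "success after repeated failures"))
            elif not is_internal(src):
                alerts.append((ts, account, src, "RDP logon from outside the LAN"))
            recent.clear()         # start counting afresh after a success
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_rdp_logons(SAMPLE_EVENTS):
        print(*alert, sep="  ")
```
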

Firestorm Cyber protects companies and organizations from ransomware threats like this one by providing advanced security and endpoint protection to stop attackers from spreading malware across your network. We also perform vulnerability scans and penetration tests to find flaws in your network and patch them so that no attackers can compromise your machines. If you want to take the next steps to protect your organization, contact us.

