US law enforcement groups recently announced that they are taking action against ransomware actors that harm their nation, which led the ransomware group Pysa, also known as Mespinoza, to dump the stolen data of dozens of victims all at once on its leak website.
The data dump covered over 50 organisations, private firms, and universities, whose stolen information was posted on Pysa’s leak site.
The FBI called attention to the threat group last March because of its grave record of targeting seminaries, K-12 schools, and higher education. According to the FBI, the ransomware threat group had targeted about 12 education institutions throughout the US and the UK. Last year, the French National Agency for the Security of Information Systems issued the same threat alert against Pysa.
Many ransomware analysts question the timing of Pysa’s data leak, given the group’s preference for waiting for the right moment to execute its plans on its leak site. Some even said that the ransomware group was not expected to publish new victims’ data.
The Pysa group has a history of waiting more than six months after hitting victims before leaking their stolen data.
Some analysts also added that the threat group takes several months to name and shame its victims, which sets its methods apart from those of other ransomware groups. As of now, the threat group’s reason for these tactics remains unclear to security experts.
The US, the UK, and other territories have teamed up to take measures against ransomware groups, including the notorious REvil, and other organisations that aid these threat actors in laundering illegal profits.
In an effort dubbed “Operation GoldDust”, agencies from the US have partnered with Europol, Interpol, and more law enforcement teams over the past half-year, aiming to disrupt ransomware groups worldwide. Dozens of ransomware members have already been captured because of the operation throughout Europe. Moreover, the operation has also caused the REvil group’s infrastructure to be taken down for the second time.
Many analysts have wondered whether Pysa’s actions are connected to the authorities’ moves, as a way for the group to express its confidence in continuing its operations despite being hunted.