HHS Warns Healthcare Sector of Pysa Ransomware Threats

Alert Comes as Health Entities Globally Continue Battling Cyberattacks, Fallout

The U.S. Department of Health and Human Services has posted a warning to the healthcare sector about increasing threats involving Pysa ransomware and the cybercriminal gang Mespinoza — also known as Gold Burlap and Cyborg Spider — which operates the malware variant.

In an alert, the DHHS Health Sector Cybersecurity Coordination Center, or HC3, warns that the cybercrime group Mespinoza has a history of targeting healthcare dating back to 2018, and that it continues to develop its capabilities and increase its targeting frequency.

“Although the Pysa variant has only been known to be operating since December 2019, it quickly became one of the more prolific threats against healthcare,” HC3 says.

“In 2020, it was one of the top ten ransomware variants used to target healthcare … beating out many other well-known variants such as Clop, LockBit, Nemty, RagnarLocker, Avaddon, MountLocker, and SunCrypt.”

The Geneva, Switzerland-based CyberPeace Institute, an independent NGO, found that Pysa was one of the most aggressive among all ransomware groups in targeting healthcare over the last two years.

“Pysa threatened healthcare specifically and then followed through with those promises,” HC3 says.

Mespinoza operates a leak site called Pysa’s Partners, which it uses for “name and shame” tactics that put additional pressure on victims to pay ransoms, HC3 says.

Taking Action

There are critical steps that healthcare sector entities, including supply chain partners, can take to defend against becoming the next ransomware victim.

  • Ensure employee training for cyber hygiene and threat identification is up to date.
  • Manage credentials to ensure unneeded access isn’t an issue.
  • Use appropriate network segmentation and whitelisting.
  • Implement zero trust to the greatest extent possible.

If you have questions about the evolving cyber-threat landscape and how to keep your organization safe, contact ITPAC today.