The IT Division subscribes to a number of information feeds from government agencies, and details we received on April 8 from the N.J. Cybersecurity and Communications Integration Cell (NJCCIC) particularly piqued our interest—for two reasons. The first was simply the topic: that the NJCCIC has observed a sharp increase in the number of ransomware attacks targeting the education sector. The software steals files and then encrypts the copies left behind, pressuring the victim institutions by disabling their systems and threatening to disclose the stolen data. The attacks are usually instituted via phishing emails.
The other interesting aspect of the attack, per NJCCIC, is that “The most prolific variant behind these attacks is PYSA ransomware, also known as Mespinoza. PYSA, believed to be an acronym for ‘Protect Your System Amigo,’ is offered as a ransomware-as-a-service (RaaS), in which developers lease the variant to other threat actors.”
At the same time, we were informed by the New York State cyber unit of an unrelated phishing campaign based on fake job offers that was leveraging the same back-end ransomware-as-a-service. Think of it as Chevys and Fords both using the same engine. Once again, we see evidence that there is a well-developed underground economy of cybercriminals in which people with a motive to attack someone can buy or lease the means with which to do so. The determination and sophistication of the people attacking our systems cannot be understated, and the diligence required of each of us grows every day. What can you do? Always remember our “4 Don’ts” of email protection. The majority of these attacks come through phishing emails, and everyone taking the time and care to examine emails will be our greatest protection. FIT provides antivirus protection for FIT-issued computers, but we ask that you please make sure to keep the antivirus software on the computers you personally own up to date since so much FIT work is being done on them while we work from home.
| 
