[HEADS UP] More Australian Companies Hit By Mespinoza/Pysa Ransomware

Two more Australian companies have been hit by attackers using the Mespinoza/Pysa Windows ransomware, the same malware that was used to take down the Australian money management firm MyBudget, security sources have told iTWire.

One firm listed on the website utilised by attackers who use the ransomware is Matthews Australasia which describes itself as "a family business... the Australian leader in intelligent product identification, product inspection and software traceability solutions".

Also listed by the attackers is the accounting firm Fitzpatrick Rushinek Associates, which has offices in the Melbourne CBD and also in Bentleigh, a beachside suburb. Matthews has operations in New Zealand, apart from offices in Queensland, Western Australia, New South Wales and South Australia.

Zipped data from Matthews Australasia has been listed on the Mespinoza/Pysa website, while data from Fitzpatrick Rushinek Associates was listed and then appears to have been removed. Mespinoza/Pysa is one among a growing number of Windows ransomware that first exfilitrates victims' files to a server specified by the attackers. Only after that is the victims' information encrypted and a ransom note generated on machines that have been attacked.

These ransomware operators somewhat sarcastically list their victims as "partners", saying on their website: "We decided to promote the business of our partners. Please look at the documents to learn more." Callow, who works for the New Zealand-headquartered security firm Emsisoft, added: "The only way to stop ransomware attacks is to make them unprofitable, and that means companies must up their security game so as not be in the position of needing to pay ransoms."

iT Wire has the full story: https://www.itwire.com/security/two-more-australian-companies-hit-by-mespinoza-pysa-ransomware.html