Create a Post
Showing results for 
Search instead for 
Did you mean: 

Case Study: Mespinoza/Pysa Ransomware Attack

Case Study: Mespinoza/Pysa Ransomware Attack

In early 2020, a Global Holding company experienced a cyber incident after they detected encryption of some of their systems as part of a ransomware attack. The company’s IT and security team started working to stop the attack through the isolation of infected systems. At the same time, the company contacted the Check Point Incident Response Team (CPIRT) to conduct a root cause analysis and to run a wider compromise assessment on the company’s network. CPIRT provided technology and staff to conduct the investigation and assessment remotely. CPIRT analyzed infected computers and used an agentless endpoint scanning technology to assess the rest of the company network.

The analysis of the company’s infected computers revealed that the company was infected with the Mespinoza/Pysa ransomware (See Fig. 1).

Figure 1. Mespinoza/Pysa ransom note.Figure 1. Mespinoza/Pysa ransom note.


Ransomware are malicious software (malware) that are installed on compromised

TO READ THE FULL POST it's simple and free