Re: FLASH CP-000142-MW TLP: WHITE

[Greg Sawyer <greg.sawyer () CAUDIT EDU AU>]

Hi Brian

I hope you are well.

Thanks for the inadvertent share, it started a good conversation locally.

Regards
Greg

Greg Sawyer | Director, Cybersecurity Program | CAUDIT | 
www.caudit.edu.au<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.caudit.edu.au%2F&data=02%7C01%7CBill.Jones%40blackboard.com%7C8b015ce8dfb244852db208d4af523d58%7Cbf0b29a25e5c4aaaba4dac988df15ea6%7C0%7C0%7C636326215855563952&sdata=KmJNEHDV440j4YXgLjYV8K9sIsTOAW2ThopKeXIcvtk%3D&reserved=0>
Mob: +61 414 385 539 | greg.sawyer () caudit edu au<mailto:greg.sawyer () caudit edu au>
Location: Blue Mountains | Mail: PO Box 9432 Deakin, ACT 2600 | Australia

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Brian Kelly
Sent: Wednesday, 17 March 2021 12:06 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] FW: FLASH CP-000142-MW TLP: WHITE

Sharing to maximize reach, we first shared information on PYSA 
(https://thedfirreport.com/2020/11/23/pysa-mespinoza-ransomware/ ) back in December.
The FBI has shared update below/attached with the REN-ISAC and EDUCAUSE.



[cid:image001.png@01D71B36.B9E70CF0]
ALCON,

Please see the attached FBI Liaison Alert System (FLASH) CP-000142-MW TLP: WHITE, Increase in PYSA Ransomware Targeting 
Education Institutions.


FLASH is being disseminated to increase US Government and private sector awareness of cyber actors targeting 
educational institutions, provide indicators of compromise and recommended mitigations for PYSA ransomware.

This product is marked TLP: WHITE. The information in this product may be distributed without restriction, subject to 
copyright controls.


Respectfully,

CyWatch

855-292-3937




Brian Kelly, CISSP, CISM, CEH
Director, Cybersecurity 
Program<https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-program>
bkelly () educause edu<mailto:bkelly () educause edu>

EDUCAUSE
Uncommon Thinking for the Common Good
Follow HEISC on 
LinkedIn<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fshowcase%2Fhigher-education-information-security-council-heisc-%2F&data=02%7C01%7C%7C7197d41189e4414981ae08d69dc9670a%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C636869885680898966&sdata=%2FYvU%2BLTYHbPmcyL1AoksiKTSdMeFQ93qASFmTp8Emmo%3D&reserved=0>
 | Twitter: @HEISCouncil

direct: 475.449.6440 | educause.edu<http://www.educause.edu/>
1150 18th Street, NW, Suite 900 Washington, DC 20036



**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community