The company confirmed this afternoon that it had been hit by Mespinoza. The fact that no documents have yet been put up could mean that negotiations with the company over payment of the ransom are still under way. Otherwise, there could be any one of a number of reasons.
MyBudget has made no statement on its website since the last update to the 13-day outage it suffered on Friday last week.
The Computer Emergency Response Team in France issued a warning about Mespinoza in March, saying the malware appended the extension .locked to files on a Windows system after an attack and decryption.
"The executable version of the ransomware drops and executes a script named « update.bat » whose purpose is to delete it after execution," the French advisory reads.
"Several system artefacts are generated by the ransomware. First, the malicious code creates a Mutex named « Pysa ». Then, it modifies the registry key SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System [T1112] to add the following entries: legalnoticetext = [Ransom demand message] and legalnoticecaption = PYSA."
"Finally, the encryption routine contains a list of targeted file extensions for encryption, as well as a list of strings identifying the critical files that should be spared (for instance, ':\Windows\'). The files created by the encryption routine carry the .pysa extension."
The advisory said the French researchers had noticed a third variant of Mespinoza that used the .newversion extension for encrypted files.
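A triage check built from the artefacts the advisory lists above, as an added example that is not part of the original article or the CERT-FR advisory. The input shapes (a dict of values from the Policies\System key, a file listing, mutex object paths), the sample data and the strong/weak grading are assumptions made for illustration.

```python
import ntpath
from collections import Counter

# Indicators named in the CERT-FR advisory quoted above.
STRONG_EXTENSIONS = {".pysa", ".newversion"}
WEAK_EXTENSIONS = {".locked"}   # assumption: generic extension, weak on its own
DROPPED_SCRIPT = "update.bat"   # assumption: common file name, weak on its own
MUTEX_NAME = "Pysa"
NOTICE_CAPTION = "PYSA"

def triage(policy_values, file_paths, mutex_names):
    """Return sorted (strength, kind, detail) findings from collected host data."""
    findings = []
    # Registry value names are case-insensitive on Windows.
    values = {k.lower(): str(v) for k, v in policy_values.items()}
    caption = values.get("legalnoticecaption", "").strip()
    if caption.upper() == NOTICE_CAPTION:
        findings.append(("strong", "registry", "legalnoticecaption=" + caption))
        if values.get("legalnoticetext", "").strip():
            findings.append(("strong", "registry", "legalnoticetext is set (ransom note)"))
    counts = Counter()
    for path in file_paths:
        name = ntpath.basename(path).lower()   # handles backslash paths on any OS
        counts[ntpath.splitext(name)[1]] += 1
        if name == DROPPED_SCRIPT:
            findings.append(("weak", "script", path))
    for ext in STRONG_EXTENSIONS | WEAK_EXTENSIONS:
        if counts[ext]:
            strength = "strong" if ext in STRONG_EXTENSIONS else "weak"
            findings.append((strength, "extension", f"{counts[ext]} file(s) ending {ext}"))
    for mutex in mutex_names:
        # Assumed input format: object paths such as \BaseNamedObjects\<name>.
        if mutex.rsplit("\\", 1)[-1] == MUTEX_NAME:
            findings.append(("strong", "mutex", mutex))
    return sorted(findings)

# Constructed sample data, standing in for a registry export, a file listing
# and a handle listing from one host.
SAMPLE_POLICY = {"LegalNoticeCaption": "PYSA", "LegalNoticeText": "[Ransom demand message]"}
SAMPLE_FILES = [r"C:\Users\a\Documents\budget.xlsx.pysa",
                r"C:\Users\a\Documents\notes.txt.pysa",
                r"C:\Users\a\AppData\Local\Temp\update.bat",
                r"C:\Windows\System32\kernel32.dll"]
SAMPLE_MUTEXES = [r"\Sessions\1\BaseNamedObjects\Pysa"]

if __name__ == "__main__":
    for finding in triage(SAMPLE_POLICY, SAMPLE_FILES, SAMPLE_MUTEXES):
        print(*finding, sep="\t")
```

The registry check matches only on the PYSA caption because many organisations legitimately set a logon banner through the same two values.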
iTWire has contacted MyBudget using a Web form on the company's website. Apart from that means of contact, there is only a 1300 number provided.
A MyBudget spokesperson responded this afternoon: "As previously reported, MyBudget was recently the target of ransomware by an unknown third party.
"We can confirm that we believe the group responsible is the same group behind other Pysa/Mespinoza malware incidents.
"The investigations are ongoing, and at present, there is no credible evidence that significant data was accessed or will be misused.
"We continue to focus on what matters, our clients and employees, and are meaningfully and accurately communicating to them as appropriate."
Contacted for comment, ransomware researcher Brett Callow, who works for New Zealand-headquartered Emsisoft, said: "So many ransomware groups now steal data that incidents should be treated as breaches from the get-go and clients and business partners notified accordingly.
"This is important to ensure that the people whose data may have been exposed do not themselves become victims of crime.
"It can take several weeks for a company to work out what happened during an incident and whether data was taken, but it takes much less time for a criminal to use stolen information to open a credit card in somebody else's name.
"If people know what's happened, they take action to prevent this from happening."