One firm listed on the website utilised by attackers who use the ransomware is Matthews Australasia which describes itself as "a family business... the Australian leader in intelligent product identification, product inspection and software traceability solutions".
Also listed by the attackers is the accounting firm Fitzpatrick Rushinek Associates, which has offices in the Melbourne CBD and also in Bentleigh, a beachside suburb.
Matthews has operations in New Zealand, apart from offices in Queensland, Western Australia, New South Wales and South Australia.
|
|
Mespinoza/Pysa is one among a growing number of Windows ransomware that first exfilitrates victims' files to a server specified by the attackers.
Only after that is the victims' information encrypted and a ransom note generated on machines that have been attacked.
These ransomware operators somewhat sarcastically list their victims as "partners", saying on their website: "We decided to promote the business of our partners. Please look at the documents to learn more."
iTWire has contacted both these companies for comment.
Contacted for comment, ransomware researcher Brett Callow told iTWire: "Ransomware attacks frequently succeed only because basic security best practices were not adhered to: patches were not applied promptly, MFA (multi-factor authentication) was not used and so on.
"This has to change. Every time a company pays a ransom, it provides threat actors with more motivation and more resources to scale up their operations."
Callow, who works for the New Zealand-headquartered security firm Emsisoft, added: "The only way to stop ransomware attacks is to make them unprofitable, and that means companies must up their security game so as not be in the position of needing to pay ransoms."
