Australian Information Security Incident Reported: June 04, 2020

Two more Australian companies hit by Mespinoza/Pysa ransomware

Two more Australian companies have been hit by attackers using the Mespinoza/Pysa Windows ransomware, the same malware that was used to take down the Australian money management firm MyBudget, security sources have told iTWire.

Source: Two more Australian companies hit by Mespinoza/Pysa ransomware | iTWire
More reports from: iTWire.

One firm listed on the website utilised by attackers who use the ransomware is Matthews Australasia which describes itself as “a family business… the Australian leader in intelligent product identification, product inspection and software traceability solutions”.

Also listed by the attackers is the accounting firm Fitzpatrick Rushinek Associates, which has offices in the Melbourne CBD and also in Bentleigh, a beachside suburb.

Matthews has operations in New Zealand, apart from offices in Queensland, Western Australia, New South Wales and South Australia.

Zipped data from Matthews Australasia has been listed on the Mespinoza/Pysa website, while data from Fitzpatrick Rushinek Associates was listed and then appears to have been removed.
Mespinoza/Pysa is one among a growing number of Windows ransomware that first exfilitrates victims’ files to a server specified by the attackers.