High
ANSSI was recently informed of computer attacks in which ransomware-type malware was used, rendering certain files unusable. The origin of these attacks is unknown to date, and analyses are currently underway. The compromise presented in this document has affected interconnected information systems and appears to rely mainly on a variant of ransomware known in open sources as Mespinoza.
The Mespinoza ransomware has been in use since at least October 2018. Early versions produced encrypted files with the extension “.locked”, which is common to many ransomware strains. Since December 2019, a new version of Mespinoza has been documented in open sources; it is sometimes called Pysa because it produces encrypted files with the extension “.pysa”.
File encryption
SHA-256