{"id":43907,"date":"2021-11-12T19:18:00","date_gmt":"2021-11-12T19:18:00","guid":{"rendered":"http:\/\/a5b8e694-ae09-4991-aa2f-ad1b9387c6e0"},"modified":"2021-11-12T19:18:00","modified_gmt":"2021-11-12T19:18:00","slug":"ransomware-experts-question-massive-pysa-mespinoza-victim-dump","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\/","title":{"rendered":"Ransomware experts question massive Pysa\/Mespinoza victim dump"},"content":{"rendered":"<p>The Pysa ransomware group dumped dozens of victims onto their leak site this week right after US law enforcement officials announced a range of actions taken against ransomware groups.&nbsp;<\/p>\n<p>More than 50 companies, universities, and organizations had their names added to the ransomware group&#8217;s leak site.&nbsp;<\/p>\n<p>The group, which also goes by the name Mespinoza, was called out <a href=\"https:\/\/www.ic3.gov\/Media\/News\/2021\/210316.pdf\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">by the FBI in March<\/a> for specifically targeting &#8220;higher education, K-12 schools, and seminaries.&#8221; The FBI said at least 12 educational institutions across the US and UK had been hit with the ransomware. 
The French National Agency for the Security of Information Systems <a href=\"https:\/\/www.cert.ssi.gouv.fr\/uploads\/CERTFR-2020-CTI-003.pdf\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">issued a similar alert<\/a> one year earlier.<\/p>\n<p>Multiple ransomware experts questioned the timing of the leak, noting that Pysa has a penchant for waiting to add victims to their leak site.&nbsp;<\/p>\n<p>Recorded Future ransomware expert Allan Liska told ZDNet he did not think all of the victims published to the site were new.<\/p>\n<p>&#8220;We have seen them take six months, and even longer, from when a victim is first hit to when [stolen data] is published,&#8221; Liska said. &#8220;This could be all the victims they have been stalling on publishing data, but it would represent more victims than we have seen from them the rest of the year. It is a lot of different organizations, from around the world, with no theme.&#8221;&nbsp;<\/p>\n<p>Emsisoft threat analyst Brett Callow told ZDNet that Pysa names and shames its victims weeks, or sometimes months, after the attacks take place, differentiating it from other ransomware groups.&nbsp;<\/p>\n<p>The reason they waited this long to leak victim information is still unclear, he said, adding that it was curious they dumped this many names all at once.&nbsp;<\/p>\n<figure class=\"image image-large shortcode-image\"><span class=\"img aspect-set \"><img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/article\/ransomware-experts-question-massive-pysamespinoza-victim-dump\/\" class=\"lazy\" alt=\"fdsi14mvuaquhzl.png\" height=\"auto\" width=\"470\" data-original=\"https:\/\/www.zdnet.com\/a\/img\/resize\/1967131a3688904d3dfeb257fda2fb0481f0befa\/2021\/11\/12\/6a814470-ce3e-4f9b-8678-3a79c2e38b8c\/fdsi14mvuaquhzl.png?width=470&amp;fit=bounds&amp;auto=webp\"><\/span><noscript><span class=\"img aspect-set \"><img 
decoding=\"async\" src=\"https:\/\/www.zdnet.com\/a\/img\/resize\/1967131a3688904d3dfeb257fda2fb0481f0befa\/2021\/11\/12\/6a814470-ce3e-4f9b-8678-3a79c2e38b8c\/fdsi14mvuaquhzl.png?width=470&amp;fit=bounds&amp;auto=webp\" class alt=\"fdsi14mvuaquhzl.png\" height=\"auto\" width=\"470\"><\/span><\/noscript><figcaption readability=\"1\"><span class=\"caption\" readability=\"2\">A sample from the leak site.<\/span><span class=\"credit\"> Brett Callow <\/span><\/figcaption><\/figure>\n<p>The dump came as law enforcement in the US, Europe, and other regions <a href=\"https:\/\/www.zdnet.com\/article\/ransomware-suspected-revil-ransomware-affiliates-arrested\/\" target=\"_blank\" rel=\"noopener\">took forceful measures<\/a> against a number of ransomware groups.&nbsp;<\/p>\n<p>US officials from the Justice Department, Treasury, and FBI <a href=\"https:\/\/www.zdnet.com\/article\/ransomware-suspected-revil-ransomware-affiliates-arrested\/\" target=\"_blank\" rel=\"noopener\">announced a slate of actions<\/a> taken against some of the members of the REvil ransomware group as well as sanctions against organizations helping ransomware groups launder illicit funds.<\/p>\n<p>US agencies have been working with Europol, Eurojust, Interpol, and other law enforcement organizations on &#8220;Operation GoldDust&#8221; to disrupt multiple ransomware groups over the past six months. 
Seventeen countries have been involved in the effort, and dozens of people have been arrested across Europe in connection with ransomware groups.<\/p>\n<p>This all followed an operation to take down REvil&#8217;s infrastructure that <a href=\"https:\/\/www.zdnet.com\/article\/revil-ransomware-operators-claim-group-is-ending-activity-again-happy-blog-now-offline\/#:~:text=REvil%20originally%20closed%20shop%20in,worldwide%20and%20caused%20untold%20damage.&amp;text=But%20the%20group%20attracted%20immense,its%20operation%20on%20July%2013.\" target=\"_blank\" rel=\"noopener\">led to the group closing shop<\/a> for the second time.&nbsp;<\/p>\n<p>Both Callow and Liska said the timing of Pysa&#8217;s dump was curious considering the actions being taken by law enforcement.<\/p>\n<p>&#8220;You can&#8217;t help but wonder whether their doing so now is in response to the news in relation to REvil &#8212; either a middle finger to law enforcement or, perhaps, an expression of confidence in case any of their affiliates are starting to get cold feet,&#8221; Callow told ZDNet.&nbsp;<\/p>\n<p>Liska echoed that it felt like Pysa was &#8220;giving the finger&#8221; to law enforcement after a bad day for ransomware groups.&nbsp;<\/p>\n<p>The FBI said in its March notice that Pysa, which was first seen in 2019, is known for exfiltrating data from victims before encrypting their systems &#8220;to use as leverage in eliciting ransom payments.&#8221;<\/p>\n<p>They noted that in addition to attacks on educational institutions, Pysa has also gone after foreign government entities, educational institutions, private companies, and the healthcare sector.&nbsp;<\/p>\n<p>&#8220;In previous incidents, cyber actors exfiltrated employment records that contained personally identifiable information (PII), payroll tax information, and other data that could be used to extort victims to pay a ransom,&#8221; the FBI said in the notice. 
&#8220;The cyber actors have uploaded stolen data to MEGA.NZ, a cloud storage and file sharing service, by uploading the data through the MEGA website or by installing the MEGA client application directly on a victim&#8217;s computer. However, in the past, actors have used other methods of exfiltrating data that leaves less evidence of what was stolen.&#8221;<\/p>\n<p>Emsisoft <a href=\"https:\/\/blog.emsisoft.com\/en\/38840\/ransomware-profile-mespinoza-pysa\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">released a profile<\/a> of the ransomware group in July, noting that they operate with the ransomware-as-a-service business model and routinely dump stolen data &#8220;even after the victim company has paid the ransom.&#8221;<\/p>\n<p>They warned victims about cooperating with the group, explaining that Emsisoft&#8217;s decryption tool &#8220;can safely decrypt data encrypted by Mespinoza, provided the victim has obtained the decryption keys.&#8221;<\/p>\n<p>&#8220;Since Mespinoza was first discovered, there have been 531 submissions to ID Ransomware, an online tool that helps the victims of ransomware identify which ransomware has encrypted their files,&#8221; Emsisoft researchers wrote in July.&nbsp;<\/p>\n<p>&#8220;We estimate that only 25 percent of victims make a submission to ID Ransomware, which means there may have been a total of 2,124 Mespinoza incidents since the ransomware&#8217;s inception. 
During this time, the group has also published on its leak site the stolen data of at least 104 organizations.&#8221;<\/p>\n<p> READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/ransomware-experts-question-massive-pysamespinoza-victim-dump\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The prolific ransomware group dumped more than 50 victim names onto its leak site this week.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-43907","post","type-post","status-publish","format-standard","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Ransomware experts question massive Pysa\/Mespinoza victim dump 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Ransomware experts question massive Pysa\/Mespinoza victim dump 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-12T19:18:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.zdnet.com\/article\/ransomware-experts-question-massive-pysamespinoza-victim-dump\/\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Ransomware experts question massive Pysa\\\/Mespinoza victim 
dump\",\"datePublished\":\"2021-11-12T19:18:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\\\/\"},\"wordCount\":830,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/article\\\/ransomware-experts-question-massive-pysamespinoza-victim-dump\\\/\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\\\/\",\"name\":\"Ransomware experts question massive Pysa\\\/Mespinoza victim dump 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/article\\\/ransomware-experts-question-massive-pysamespinoza-victim-dump\\\/\",\"datePublished\":\"2021-11-12T19:18:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.zdnet.com\\\/article\\\/ransomware-experts-question-massive-pysamespinoza-victim-dump\\\/\",\"contentUrl\":\"https:\\\/\\\/www.zdnet.com\\\/article\\\/ransomware-experts-question-massive-pysamespinoza-victim-dump\\\/\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Ransomware experts question massive Pysa\\\/Mespinoza victim dump\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack 
\u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH 
Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Ransomware experts question massive Pysa\/Mespinoza victim dump 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\/","og_locale":"en_US","og_type":"article","og_title":"Ransomware experts question massive Pysa\/Mespinoza victim dump 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-11-12T19:18:00+00:00","og_image":[{"url":"https:\/\/www.zdnet.com\/article\/ransomware-experts-question-massive-pysamespinoza-victim-dump\/","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Ransomware experts question massive Pysa\/Mespinoza victim dump","datePublished":"2021-11-12T19:18:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\/"},"wordCount":830,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/article\/ransomware-experts-question-massive-pysamespinoza-victim-dump\/","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\/","url":"https:\/\/www.threatshub.org\/blog\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\/","name":"Ransomware experts question massive Pysa\/Mespinoza 
victim dump 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/article\/ransomware-experts-question-massive-pysamespinoza-victim-dump\/","datePublished":"2021-11-12T19:18:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\/#primaryimage","url":"https:\/\/www.zdnet.com\/article\/ransomware-experts-question-massive-pysamespinoza-victim-dump\/","contentUrl":"https:\/\/www.zdnet.com\/article\/ransomware-experts-question-massive-pysamespinoza-victim-dump\/"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/ransomware-experts-question-massive-pysa-mespinoza-victim-dump\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Ransomware experts question massive Pysa\/Mespinoza victim dump"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat 
Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH 
Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/43907","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=43907"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/43907\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=43907"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=43907"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=43907"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}