‘Prestige’ Ransomware Group Targets Organizations in Ukraine and Poland

Security

A novel ransomware campaign has been spotted targeting organizations in the transportation and logistics industries in Ukraine and Poland using a previously unidentified ransomware payload.

Dubbed “Prestige ranusomeware” by its creators, the malware was observed by the Microsoft Threat Intelligence Center (MSTIC), targeting several organizations on October 11 in attacks occurring within an hour of each other.

According to an advisory published by Microsoft last Friday, the campaign had several notable features that differentiate it from other ransomware ones tracked by the tech giant.

“The enterprise-wide deployment of ransomware is not common in Ukraine, and this activity was not connected to any of the 94 currently active ransomware activity groups that Microsoft tracks,” the company explained.

“The activity shares victimology with recent Russian state-aligned activity, specifically on affected geographies and countries, and overlaps with previous victims of the FoxBlade malware (also known as Hermetic Wiper).”

Despite these similar deployment techniques, however, Microsoft said the new campaign is distinct from recent destructive attacks leveraging AprilAxe or FoxBlade that have impacted critical infrastructure organizations in Ukraine over the last two weeks. 

“MSTIC has not yet linked this ransomware campaign to a known threat group and is continuing investigations. MSTIC is tracking this activity as DEV-0960,” the company wrote. Noticeably, Microsoft uses ‘DEV’ designations as a temporary name for unknown, emerging or developing clusters of threat activity.

The tech giant also confirmed it is continuing to monitor the Prestige campaign and is in the process of notifying customers impacted by DEV-0960 but not yet ransomed. 

“The threat landscape in Ukraine continues to evolve, and wipers and destructive attacks have been a consistent theme,” Microsoft said.

“Ransomware and wiper attacks rely on many of the same security weaknesses to succeed. As the situation evolves, organizations can adopt the hardening guidance [here] to help build more robust defenses against these threats.”

To defend against this and other cyber-threats, Ukraine has recently enhanced cooperation efforts with various European Union (EU) cybersecurity agencies.

Products You May Like

Articles You May Like

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools
US Government Issues Cloud Security Requirements for Federal Agencies
Ukraine’s Security Service Probes GRU-Linked Cyber-Attack on State Registers
Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT Probe
LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages

Leave a Reply

Your email address will not be published. Required fields are marked *