A recently unidentified hacker group has used a novel kind of ransomware to assault logistics and transportation firms in European nations, including Poland and Ukraine, said a blog post by Microsoft.
Named ‘Prestige’, the new ransomware swiftly compromised multiple computers from the logistics firms, and it took them less than an hour to complete the attack. Microsoft did not attribute the attack to any organization or state-funded malware gangs.
Hackers target firms in Europe
Microsoft Threat Intelligence Center (MSTIC) and other security researchers discovered the cyberattacks on companies in Ukraine and Poland. The research found that the attack resembled previous techniques connected to the Russian government, which had previously attacked the Ukrainian government services over the ongoing Russia-Ukraine conflict.
As per senior government officials and western security researchers, Russian cyberattacks against Ukraine have been widespread since the outbreak in late February. However, the Ukrainian or Polish cybersecurity organizations did not respond to Microsoft’s request for comment on the issue, nor did the company receive one from the Russian Embassy in Washington, USA.
According to Microsoft, victims of the “Prestige” ransomware also fell prey to another cyberattack that used the “FoxLoad” or “HermeticWiper” malware to breach data. In the initial phase of the Russian invasion of Ukraine, that attack affected hundreds of computers in Ukraine, Lithuania, and Latvia.
How the Prestige ransomware functions
The report revealed that the “Prestige” ransomware encrypts the data of its victims and then leaves a ransom note demanding payment for a decryption tool to release the data. Before injecting the ransomware, the researchers found that the hackers had administrator access to the victims’ systems, which could mean that they already had the victims’ login credentials and were waiting for the right moment to attack.
However, upon investigation, the researchers found that the attack activity was unrelated to any of the 94 current ransomware activity groups that Microsoft monitors and that the enterprise-wide spread of ransomware is unusual in Ukraine.
