'Prestige' Ransomware Group Targets Organizations in Ukraine and Poland

Written by

A novel ransomware campaign has been spotted targeting organizations in the transportation and logistics industries in Ukraine and Poland using a previously unidentified ransomware payload.

Dubbed “Prestige ransomware” by its creators, the malware was observed by the Microsoft Threat Intelligence Center (MSTIC), targeting several organizations on October 11 in attacks occurring within an hour of each other.

According to an advisory published by Microsoft last Friday, the campaign had several notable features that differentiate it from other ransomware ones tracked by the tech giant.

“The enterprise-wide deployment of ransomware is not common in Ukraine, and this activity was not connected to any of the 94 currently active ransomware activity groups that Microsoft tracks,” the company explained.

“The activity shares victimology with recent Russian state-aligned activity, specifically on affected geographies and countries, and overlaps with previous victims of the FoxBlade malware (also known as Hermetic Wiper).”

Despite these similar deployment techniques, however, Microsoft said the new campaign is distinct from recent destructive attacks leveraging AprilAxe or FoxBlade that have impacted critical infrastructure organizations in Ukraine over the last two weeks. 

“MSTIC has not yet linked this ransomware campaign to a known threat group and is continuing investigations. MSTIC is tracking this activity as DEV-0960,” the company wrote. Noticeably, Microsoft uses ‘DEV’ designations as a temporary name for unknown, emerging or developing clusters of threat activity.

The tech giant also confirmed it is continuing to monitor the Prestige campaign and is in the process of notifying customers impacted by DEV-0960 but not yet ransomed. 

“The threat landscape in Ukraine continues to evolve, and wipers and destructive attacks have been a consistent theme,” Microsoft said.

“Ransomware and wiper attacks rely on many of the same security weaknesses to succeed. As the situation evolves, organizations can adopt the hardening guidance [here] to help build more robust defenses against these threats.”

To defend against this and other cyber-threats, Ukraine has recently enhanced cooperation efforts with various European Union (EU) cybersecurity agencies.

What’s hot on Infosecurity Magazine?