New Prestige Ransomware Targeting Polish and Ukrainian Organizations
2022-10-17 10:15

A new ransomware campaign targeted the transportation and logistics sectors in Ukraine and Poland on October 11 with a previously unknown payload dubbed Prestige.

The method of initial access remains unknown, with Microsoft noting that the threat actor had already obtained privileged access to the compromised environment to deploy the ransomware using three different methods.

In a related development, Fortinet FortiGuard Labs took the wraps off a multi-stage attack chain that leverages a weaponized Microsoft Excel document, masquerading as a spreadsheet for generating salaries for Ukrainian military personnel, to drop Cobalt Strike Beacon.

The findings come amid an explosion of relatively new ransomware strains that have been gaining traction on the threat landscape over the past few months, including Bisamware, Chile Locker, Royal, and Ransom Cartel.

Ransom Cartel, which surfaced in mid-December 2021, is also notable for sharing technical overlaps with REvil ransomware, which shut shop in October 2021 following immense law enforcement scrutiny into its operations after a string of high-profile attacks on JBS and Kaseya.

It's not just REvil that's back on the ransomware radar.


News URL

https://thehackernews.com/2022/10/new-prestige-ransomware-targeting.html