New Prestige ransomware sets sights on Ukraine, Poland

Reuters reports that numerous Ukraine- and Poland-based logistics and transportation firms have been targeted with the novel Prestige ransomware. While the Prestige ransomware attacks have not yet been pinned on a particular threat group, the newest intrusions resembled cyberattacks launched by a cyber threat group associated with the Russian government against Ukrainian agencies, Microsoft said in its report. Organizations impacted by the Prestige ransomware also overlapped with those affected by the FoxBlade, or HermeticWiper, malware in attacks against Ukrainian, Latvian, and Lithuanian computer systems when Russia's invasion of Ukraine began. Threat actors behind Prestige have been able to obtain administrator privileges prior to ransomware deployment, with Prestige performing data encryption before leaving a ransom note requiring a decryptor for locked files, the report said. "The enterprise-wide deployment of ransomware is not common in Ukraine, and this activity was not connected to any of the 94 currently active ransomware activity groups that Microsoft tracks," said Microsoft researchers.