Microsoft has identified a ransomware campaign that is targeting organisations in Ukraine and Poland. The novel ransomware campaign utilises a previously unidentified ransomware payload.
The newly identified ransomware primarily targets organisations in the transportation and related logistics industries in Ukraine and Poland. The campaign labels itself in its ransom note as “Prestige ranusomeware” and was deployed on October 11 in attacks occurring within an hour of each other across all victims.
This campaign has several features that differentiate it from other Microsoft-tracked ransomware campaigns, including:
Despite using similar deployment techniques, the campaign is distinct from recent destructive attacks leveraging AprilAxe (ArguePatch)/CaddyWiper or Foxblade (HermeticWiper) that have impacted multiple critical infrastructure organisations in Ukraine over the last two weeks.
The Microsoft Threat Intelligence Center (MSTIC) has not yet linked this ransomware campaign to a known threat group and is continuing investigations.