The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which labels itself in its ransom note as “Prestige ranusomeware”, being deployed on October 11 in attacks occurring within an hour of each other across all victims.
TARGETED COUNTRY: Ukraine
MALWARE FAMILIES: HackTool:Win32/RemoteExec, Impacket - S0357
ATT&CK ID: T1471 - Data Encrypted for Impact