A novel ransomware campaign has been spotted targeting businesses in the transportation and logistics industries in Ukraine and Poland working with a previously unknown ransomware payload.
Dubbed “Prestige ranusomeware” by its creators, the malware was observed by the Microsoft Danger Intelligence Middle (MSTIC), concentrating on many businesses on Oct 11 in attacks occurring within an hour of every single other.
According to an advisory published by Microsoft final Friday, the marketing campaign experienced various notable functions that differentiate it from other ransomware ones tracked by the tech large.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
“The enterprise-wide deployment of ransomware is not common in Ukraine, and this exercise was not connected to any of the 94 at present active ransomware action groups that Microsoft tracks,” the company stated.
“The exercise shares victimology with latest Russian state-aligned activity, exclusively on afflicted geographies and nations around the world, and overlaps with prior victims of the FoxBlade malware (also known as Airtight Wiper).”
Even with these equivalent deployment techniques, however, Microsoft said the new marketing campaign is unique from modern destructive attacks leveraging AprilAxe or FoxBlade that have impacted critical infrastructure organizations in Ukraine above the previous two months.
“MSTIC has not nevertheless joined this ransomware marketing campaign to a acknowledged menace group and is continuing investigations. MSTIC is tracking this activity as DEV-0960,” the company wrote. Noticeably, Microsoft uses ‘DEV’ designations as a short-term identify for mysterious, emerging or developing clusters of danger exercise.
The tech large also verified it is continuing to check the Status campaign and is in the procedure of notifying shoppers impacted by DEV-0960 but not however ransomed.
“The threat landscape in Ukraine carries on to evolve, and wipers and harmful attacks have been a reliable concept,” Microsoft mentioned.
“Ransomware and wiper attacks depend on numerous of the exact same security weaknesses to succeed. As the problem evolves, businesses can adopt the hardening direction [here] to help develop extra strong defenses against these threats.”
To protect in opposition to this and other cyber-threats, Ukraine has a short while ago enhanced cooperation efforts with several European Union (EU) cybersecurity organizations.
Some parts of this post are sourced from:
www.infosecurity-magazine.com