2 min read

Prestige Ransomware Aims at Ukrainian and Polish Organizations, Microsoft Warns

Vlad CONSTANTINESCU

October 17, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Prestige Ransomware Aims at Ukrainian and Polish Organizations, Microsoft Warns

Microsoft disclosed that threat actors are deploying a new strain of ransomware dubbed Prestige against logistics and transportation organizations in Poland and Ukraine.

The new ransomware was noticed earlier this month in attacks that unfolded within one hour. According to Microsoft, several things set apart the recently discovered campaign from other tracked ransomware movements:

  • Appears to be unrelated to any of the other 94 currently active ransomware groups tracked by the company
  • Deploying ransomware enterprise-wide is uncommon in Ukraine
  • Prestige ransomware appears to have a Russia-aligned agenda for acquiring its targets
  • The activity overlaps with previous FoxBlade (HermeticWiper) malware victims

“Despite using similar deployment techniques, the campaign is distinct from recent destructive attacks leveraging AprilAxe (ArguePatch)/CaddyWiper or Foxblade (HermeticWiper) that have impacted multiple critical infrastructure organizations in Ukraine over the last two weeks,” Microsoft’s security advisory reads. “MSTIC has not yet linked this ransomware campaign to a known threat group and is continuing investigations. MSTIC is tracking this activity as DEV-0960.”

Before deploying ransomware on the compromised systems, Prestige operators used RemoteExec and Impacket WMIexec, two remote code execution utilities. In some of the environments, threat actors extracted credentials and escalated privileges by using the following:

  • comsvcs.dll – stealing credentials and dumping LSASS process memory
  • ntdsutil.exe – backing up the Active Directory database
  • winPEAS – escalating privileges on Windows

In all the observed incidents, the perpetrators already had access to elevated accounts before deploying the ransomware. Although the initial access vector has not been identified yet, Microsoft believes that the attackers could’ve exploited existing admin-level access from previous incidents.

The company included a set of mitigation tips against Prestige ransomware campaigns:

  • Enable multi-factor authentication (MFA) to prevent threat actors from logging into potentially compromised accounts
  • Stop lateral movement using Impacket’s WMIexec component by blocking process creations that originate from WMI and PSExec commands
  • Use the indicators of compromise (IOC) included in the advisory to assess if your system has been compromised

Specialized software such as Bitdefender Ultimate Security can keep you safe from ransomware and other cybernetic threats with its extensive range of features, including:

  • All-around, continuous monitoring against ransomware, Trojans, viruses, worms, rootkits, spyware, zero-day exploits, and other types of e-threats
  • Network threat prevention that analyzes and identifies various types of suspicious network-level activities and blocks them before they can harm you
  • Advanced threat defense module that meticulously scans active apps and takes instant action upon detecting suspicious activity
  • Web-filtering technology that protects you against landing on harmful websites

tags


Author



Right now

Top posts

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

January 26, 2023

2 min read
Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

January 19, 2023

4 min read
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

BBB Warns Social Security Beneficiaries of Cost of Living Adjustment Scams BBB Warns Social Security Beneficiaries of Cost of Living Adjustment Scams
Alina BÎZGĂ

February 01, 2023

2 min read
Planet Ice hacked! 240,000 skating fans' details stolen Planet Ice hacked! 240,000 skating fans' details stolen
Graham CLULEY

January 31, 2023

2 min read
QNAP Rolls Out Urgent Patch to Fix SQL Injection Flaw in NAS Devices QNAP Rolls Out Urgent Patch to Fix SQL Injection Flaw in NAS Devices
Filip TRUȚĂ

January 31, 2023

1 min read