Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Microsoft Finds New Prestige Ransomware Targeting Polish and Ukrainian Businesses

Microsoft has recently discovered a new ransomware campaign that’s targeting organizations within the transportation and logistics industries across Poland and Ukraine. The novel Prestige ransomware strain was first found on October 11, and the attackers targeted a wide range of systems within an hour.

The Microsoft Threat Intelligence Center (MSTIC) explained that it has been unable to track the hacking group behind the ransomware attacks. The security researchers observed that the ransomware campaign is similar to previous attacks by Russian state-backed threat actors that impacted Ukraine government agencies. However, the Prestige ransomware is explicitly targeting the networks of Ukrainian enterprises.

Microsoft is tracking the ransomware campaign as DEV-0960, a term used for previously unidentified threat actors. The hacking group abused several publicly available tools for remote-code execution to steal highly privileged administrator credentials within the victim’s network.

Specifically, the attackers used three different methods to obtain privileged access to the compromised environment to deploy the Prestige payload. Once deployed, the operators dropped a ransom note called “README.txt” in the root directory of each encrypted drive on the target device.

“For this DEV-0960 activity, the methods used to deploy the ransomware varied across the victim environments, but it does not appear to be due to security configurations preventing the attacker from using the same techniques. This is especially notable as the ransomware deployments all occurred within one hour,” the Microsoft Threat Intelligence Center explained.

Microsoft Finds New Prestige Ransomware Targeting Polish and Ukrainian Businesses — Prestige attack methods

Microsoft details indicators of compromise to detect the Prestige ransomware

Microsoft suggests that organizations should follow the best security practices to prevent ransomware attacks. The company advises customers to set up multi-factor authentication (MFA), tamper protection, and cloud-based protection in Microsoft Defender.

Moreover, Microsoft has advised IT admins to look for a series of indicators of compromise (IoCs) within enterprise networks, and you can find more details in Microsoft’s blog post.

by Rabia Noureen
Oct 17, 2022

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

Streamlining SaaS Governance: How Nudge Security Simplifies Compliance and Security Management for Cloud Apps

Oct 30, 2023
Nov 03, 2023
Webinar: Learn How to Keep Critical Web Apps Online and Sensitive Data Secure

May 9, 2023
The Ultimate Guide to Web Application Firewalls (WAF)

Jun 20, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.