
Prestige Ransomware: Targeting Ukraine & Poland
Tags: Prestige Ransomware, Ransomware
A new ransomware campaign targeted the transportation and logistics sectors in Ukraine and Poland on October 11 with a previously unknown payload dubbed Prestige. "The activity shares victimology with recent Russian state-aligned activity, specifically on affected geographies and countries, and overlaps with previous victims of the FoxBlade malware (also known as HermeticWiper)," the Microsoft Threat Intelligence Center (MSTIC) said.
Indicators of Compromise
No domains found for this campaign
Campaign Guidance
Remediation, mitigation, notes, history and related intelligence
MSTIC observed three distinct methods for distributing the ransomware payload across a victim network, all of which presume the attacker already holds highly privileged credentials (domain admin equivalent):
Method 1: The ransomware payload is copied to the ADMIN$ share of a remote system, and Impacket is used to remotely create a Windows Scheduled Task on target systems to execute the payload.
Method 2: The ransomware payload is copied to the ADMIN$ share of a remote system, and Impacket is used to remotely invoke an encoded PowerShell command on target systems to execute the payload.
Method 3: The ransomware payload is copied to an Active Directory Domain Controller and deployed to systems using the Default Domain Group Policy Object.
Observed Countries (2)
PL (511)
UA (302)