Prestige Ransomware: Targeting Ukraine & Poland

A new ransomware campaign targeted the transportation and logistics sectors in Ukraine and Poland on October 11 with a previously unknown payload dubbed Prestige. "The activity shares victimology with recent Russian state-aligned activity, specifically on affected geographies and countries, and overlaps with previous victims of the FoxBlade malware (also known as HermeticWiper)," the Microsoft Threat Intelligence Center (MSTIC) said.

Indicators of Compromise

No domains found for this campaign

Campaign Guidance

Remediation, mitigation, notes, history and related intelligence

The ransomware is distributed using several different methods, listed below:

Method 1: The ransomware payload is copied to the ADMIN$ share of a remote system, and Impacket is used to remotely create a Windows Scheduled Task on target systems to execute the payload.

Method 2: The ransomware payload is copied to the ADMIN$ share of a remote system, and Impacket is used to remotely invoke an encoded PowerShell command on target systems to execute the payload.

Method 3: The ransomware payload is copied to an Active Directory Domain Controller and deployed to systems using the Default Domain Group Policy Object.
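A detection sketch for Methods 1 and 2, added here as an example and not taken from the MSTIC report: it correlates a write to the ADMIN$ share (Security event 5145) with a scheduled-task creation (4698) or an encoded PowerShell launch (4688) on the same host within five minutes. The flattened event fields, host names, file name and task names are constructed assumptions, not values from this campaign.

```python
import base64
from datetime import datetime, timedelta

# Every abbreviation PowerShell accepts for -EncodedCommand, plus the -ec alias.
ENC_FLAGS = {"encodedcommand"[:i] for i in range(1, 15)} | {"ec"}

def decode_ps(cmdline):
    """Return the decoded script if cmdline runs PowerShell with an encoded command."""
    if "powershell" not in cmdline.lower():
        return None
    toks = cmdline.split()
    for flag, arg in zip(toks, toks[1:]):
        if flag[0] in "-/" and flag[1:].lower() in ENC_FLAGS:
            try:  # encoded commands are base64 over UTF-16LE text
                return base64.b64decode(arg, validate=True).decode("utf-16-le")
            except ValueError:
                return None
    return None

def correlate(events, window=timedelta(minutes=5)):
    """Flag hosts where an ADMIN$ write is followed, within `window`, by a
    scheduled-task creation (4698) or an encoded PowerShell launch (4688)."""
    drops, findings = {}, []  # host -> (time, file) of the latest ADMIN$ write
    for ev in sorted(events, key=lambda e: e["time"]):
        host, eid = ev["host"], ev["id"]
        if eid == 5145 and ev["share"].upper().endswith("ADMIN$") and "WriteData" in ev["access"]:
            drops[host] = (ev["time"], ev["file"])
            continue
        if host not in drops or ev["time"] - drops[host][0] > window:
            continue
        if eid == 4698:
            findings.append((host, "scheduled task", drops[host][1], ev["task"]))
        elif eid == 4688 and (script := decode_ps(ev["cmdline"])) is not None:
            findings.append((host, "encoded PowerShell", drops[host][1], script))
    return findings

# Constructed sample events (simplified field names, not raw Windows event XML).
def t(s): return datetime.fromisoformat("2024-01-01T" + s)
def drop(host, s): return {"time": t(s), "host": host, "id": 5145,
                           "share": r"\\*\ADMIN$", "file": "sample.exe", "access": "WriteData"}
ENC = base64.b64encode(r"C:\Windows\sample.exe".encode("utf-16-le")).decode()
SAMPLE = [
    drop("WS01", "10:00:00"),
    {"time": t("10:00:20"), "host": "WS01", "id": 4698, "task": r"\Updater"},
    drop("WS02", "10:01:00"),
    {"time": t("10:01:30"), "host": "WS02", "id": 4688, "cmdline": "powershell.exe -NoP -enc " + ENC},
    {"time": t("10:02:00"), "host": "WS03", "id": 4698, "task": r"\Backup"},   # no ADMIN$ write
    drop("WS04", "10:03:00"),
    {"time": t("10:30:00"), "host": "WS04", "id": 4698, "task": r"\Cleanup"},  # outside window
]
```

Method 3 is not covered by this sketch; it would need Group Policy change auditing on the Domain Controller instead.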

Observed Countries (2)

PL (511)
UA (302)