Microsoft says Ukraine, Poland targetted with novel ransomware attack | Inquirer News

Microsoft says Ukraine, Poland targetted with novel ransomware attack

/ 07:33 AM October 15, 2022

Smartphone is seen in front of Microsoft logo displayed in this illustration taken, July 26, 2021. REUTERS/Dado Ruvic/Illustration

Smartphone is seen in front of Microsoft logo displayed in this illustration taken, July 26, 2021. (REUTERS/Dado Ruvic/Illustration)

SAN FRANCISCO  – A newly discovered hacking group has attacked transportation and logistics companies in Ukraine and Poland with a novel kind of ransomware, Microsoft said in a blog post on Friday.

The attackers targeted a wide range of systems within an hour on Tuesday, Microsoft said, adding that it hadn’t been able to link the attacks to any known group yet.

Article continues after this advertisement

Notably, however, researchers found that the hacks closely mirrored earlier attacks by a Russian government-linked cyber team that had disrupted Ukraine government agencies.

FEATURED STORIES

Ukraine has been the target of numerous cyberattacks by Russia since the start of the conflict in late February, according to western security researchers and senior government officials.

The Russian Embassy in Washington did not immediately respond to a request for comment, and neither did the cybersecurity agencies of Ukraine or Poland.

Article continues after this advertisement

Victims of the new ransomware, named “Prestige,” overlap with those of another data-shredding cyberattack that involved the “FoxLoad,” or “HermeticWiper” malware, Microsoft said.

Article continues after this advertisement

That attack hit hundreds of computers in Ukraine, Lithuania, and Latvia at the beginning of the Russian invasion of Ukraine.

Article continues after this advertisement

“Prestige” ransomware works by encrypting a victims’ data and leaving a ransom note that says the data can only be unlocked with the purchase of a decryption tool, Microsoft said.

In several cases, the researchers noted that the hackers had gained administrator control of the victims’ systems ahead of deploying the ransomware, suggesting they had stolen their credentials earlier and were waiting for the right moment.

Article continues after this advertisement

“The enterprise-wide deployment of ransomware is not common in Ukraine, and this activity was not connected to any of the 94 currently active ransomware activity groups that Microsoft tracks,” the researchers said.

gsg
Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

TAGS: microsoft

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.