Microsoft: hackers attacked transport companies in Ukraine and Poland
A hacker attack on transport and logistics companies of Ukraine and Poland was detected. The attackers used a new type of ransomware. Logist.Today learned about it from a message from the press service of the Microsoft company.
The Microsoft Threat Intelligence Center (MSTIC) found evidence of a new Prestige Ranusomeware ransomware campaign that was deployed on October 11. The attacks coincided with the victims of a second data destruction cyberattack involving the FoxLoad or HermeticWiper malware.
According to Microsoft, the deployment of such malicious programs on an enterprise scale is not a common phenomenon in Ukraine, and this activity was not associated with any of the 94 groups that Microsoft monitors.
Prestige encrypts the victim's data and leaves a ransom note stating that the data can only be unlocked by purchasing a decryption tool. In several cases, the researchers noted that hackers gained administrative control over the systems of the target of the attack before deploying the ransomware, assuming that they had stolen their credentials earlier and were waiting for the right moment.
According to Microsoft, the attack was probably carried out by a group associated with the Russian authorities and previous cyberattacks that affected Ukrainian organizations related to critical infrastructure.