Microsoft says Ukraine and Poland are targets of new ransomware attack

SAN FRANCISCO, Oct 14 (Reuters) – A newly discovered hacking group has attacked transportation and logistics companies in Ukraine and Poland with a new type of ransomware, Microsoft said in a blog post on Friday.

Attackers targeted a wide range of systems in less than an hour on Tuesday, Microsoft said, adding that it had not yet been able to link the attacks to a known group.

Notably, however, the researchers found that the hacks closely mirrored previous attacks by a Russian government-linked cyber team that disrupted Ukrainian government agencies.

Ukraine has been the target of numerous Russian cyberattacks since the conflict began in late February, according to Western security researchers and senior government officials.

The Russian embassy in Washington did not immediately respond to a request for comment, nor did cybersecurity agencies in Ukraine or Poland.

The victims of the new ransomware, codenamed “Prestige”, overlap with those of another data-shredding cyberattack involving the “FoxLoad” or “HermeticWiper” malware, Microsoft said.

This attack affected hundreds of computers in Ukraine, Lithuania and Latvia at the start of the Russian invasion of Ukraine.

The “Prestige” ransomware works by encrypting a victim’s data and leaving a ransom note stating that the data can only be unlocked with the purchase of a decryption tool, Microsoft said.

In several cases, researchers noted that the hackers had taken administrator-level control of the victims' systems before deploying the ransomware, suggesting that they had stolen credentials earlier and were waiting for the right moment.

“Enterprise-wide deployment of ransomware is not common in Ukraine, and this activity was not linked to any of the 94 currently active ransomware activity groups tracked by Microsoft,” the researchers said.

Reporting by Zeba Siddiqui in San Francisco; Editing by Alistair Bell