A newly discovered hacking group has attacked transportation and logistics companies in Ukraine and Poland with a novel kind of ransomware, Microsoft said in a blog post on Friday.
The attackers targeted a wide range of systems within an
hour on Tuesday, Microsoft said, adding that it hadn't been able to link the
attacks to any known group yet.
Notably, however, researchers found that the hacks closely
mirrored earlier attacks by a Russian government-linked cyber team that had
disrupted Ukraine government agencies.
Ukraine has been the target of numerous cyberattacks by
Russia since the start of the conflict in late February, according to western
security researchers and senior government officials.
The Russian Embassy in Washington did not immediately
respond to a request for comment, and neither did the cybersecurity agencies of
Ukraine or Poland.
Victims of the new ransomware, named "Prestige,"
overlap with those of another data-shredding cyberattack that involved the
"FoxLoad," or "HermeticWiper" malware, Microsoft said.
That attack hit hundreds of computers in Ukraine, Lithuania,
and Latvia at the beginning of the Russian invasion of Ukraine.
"Prestige" ransomware works by encrypting a
victims' data and leaving a ransom note that says the data can only be unlocked
with the purchase of a decryption tool, Microsoft said.
In several cases, the researchers noted that the hackers had
gained administrator control of the victims' systems ahead of deploying the
ransomware, suggesting they had stolen their credentials earlier and were
waiting for the right moment.
"The enterprise-wide deployment of ransomware is not
common in Ukraine, and this activity was not connected to any of the 94
currently active ransomware activity groups that Microsoft tracks," the
researchers said. © Reuters
0 comments:
Post a Comment