The
attackers targeted a wide range of systems within an hour on
Tuesday, Microsoft said, adding that it hadn't been able to link
the attacks to any known group yet.
Notably, however, researchers found that the hacks closely
mirrored earlier attacks by a Russian government-linked cyber
team that had disrupted Ukrainian government agencies.
Ukraine has been the target of numerous cyberattacks by Russia
since the start of the conflict in late February, according to
Western security researchers and senior government officials.
The Russian Embassy in Washington did not immediately respond to
a request for comment, and neither did the cybersecurity
agencies of Ukraine or Poland.
Victims of the new ransomware, named "Prestige," overlap with
those of another data-shredding cyberattack that involved the "FoxLoad,"
or "HermeticWiper" malware, Microsoft said.
That attack hit hundreds of computers in Ukraine, Lithuania, and
Latvia at the beginning of the Russian invasion of Ukraine.
"Prestige" ransomware works by encrypting a victim's data and
leaving a ransom note that says the data can only be unlocked
with the purchase of a decryption tool, Microsoft said.
In several cases, the researchers noted that the hackers had
gained administrator control of the victims' systems ahead of
deploying the ransomware, suggesting they had stolen their
credentials earlier and were waiting for the right moment.
"The enterprise-wide deployment of ransomware is not common in
Ukraine, and this activity was not connected to any of the 94
currently active ransomware activity groups that Microsoft
tracks," the researchers said.
(Reporting by Zeba Siddiqui in San Francisco; Editing by
Alistair Bell)
[© 2022 Thomson Reuters. All rights
reserved.]