Outbreak Alert

Prestige Ransomware

Released: Oct 18, 2022

Medium Severity

Ransomware Type

Targeting organizations in Ukraine and Poland

Researchers at Microsoft Threat Intelligence Center (MSTIC) have identified evidence of a novel ransomware campaign targeting organizations in the transportation and logistics industries in Ukraine and Poland. According to the report, the new ransomware labels itself with a ransom note of “Prestige ranusomeware”. Learn More »

Background

Prestige Ransomware has similar deployment techniques as previously used in recent destructive attacks leveraging AprilAxe (ArguePatch)/CaddyWiper or Foxblade (HermeticWiper).

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.

FortiGuard has Antivirus detection coverage on the malware as W32/Filecoder.OMM!tr.ransom. The ANN and Sandbox behavioural detection engine detects the malware as high risk.

October 14, 2022, Microsoft Security released a blog: https://www.microsoft.com/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.

PROTECT

Decoy VM
AV
AV (Pre-filter)
Behavior Detection
ANN
Web Filter
Web Filter
Anti-ransomware
Botnet C&C

DETECT

Threat Hunting
IOC
Outbreak Detection
Content Update

RESPOND

Automated Response
Assisted Response Services

RECOVER

InfoSec Services

IDENTIFY

Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.

Loading ...

Indicators of compromise
IOC Indicator List

Indicator	Type	Status
5fc44c7342b84f50f24758e39c8848b2f0991e8817ef546...	file	Active
5dd1ca0d471dee41eb3ea0b6ea117810f228354fc3b7b47...	file	Active
6cff0bbd62efe99f381e5cc0c4182b0fb7a9a34e4be9ce6...	file	Active
prestige.ranusomeware@proton.me	email	Active
a32bbc5df4195de63ea06feb46cd6b55	file	Active
986ba7a5714ad5b0de0d040d1c066389bcb81a67	file	Active
c7186def5e9c3e1b01bf506f538f5d6185377a9c	file	Active

References

Sources of information in support and relation to this Outbreak and vendor.

Microsoft Security Blog

Learn More »

Threat Signal

Learn More »

The Hacker News

Learn More »

Security Week

Learn More »

Bleeping Computer

Learn More »

About FortiGuard Outbreak Alerts

Learn More »

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Outbreak Alert

Prestige Ransomware

Targeting organizations in Ukraine and Poland

Background

Latest Development

FortiGuard Cybersecurity Framework

Threat Intelligence

Indicators of compromise IOC Indicator List

Indicators of compromise IOC Threat Activity

References

Microsoft Security Blog

Threat Signal

The Hacker News

Security Week

Bleeping Computer

About FortiGuard Outbreak Alerts

Threat Intelligence
Center

Indicators of compromise
IOC Indicator List

Indicators of compromise
IOC Threat Activity