Prestige Ransomware

Malware Profile Updated 3 months ago
The Prestige ransomware is a family of malware that Microsoft had not observed prior to its deployment. It is malicious software designed to exploit and damage computer systems, typically gaining entry through suspicious downloads, emails, or websites. Once inside a system, it can steal personal information, disrupt operations, or hold data hostage for ransom.

Prestige was first detected in the fall of 2022, when it was deployed against logistics companies in Ukraine and Poland. Unlike traditional ransomware operations, the attackers made no attempt to provide a key to decrypt the encrypted data, which points to a destructive rather than financial intent. Microsoft Defender Antivirus identifies known Prestige payloads by the file hashes associated with this malware.

Security firm WithSecure noticed overlaps between the Kapeka and GreyEnergy attacks and the Prestige ransomware attacks, attributing them to the Russia-linked Sandworm APT group. This connection was further supported when Kapeka's deployment coincided with reported Prestige ransomware incidents in Poland and Ukraine, which Microsoft also attributed to Sandworm. While pointing the finger at Russian offensive cyber groups as the culprits behind Prestige might seem the obvious choice, evidence-based attribution is a different matter. Nevertheless, security experts have noted that Sandworm changed tactics in the fall of 2022 and began using Prestige ransomware against Polish and Ukrainian logistics firms, in an attempt to pass itself off as a non-government hacking team. These destructive attacks are likely to continue and could extend to organizations in countries that provide military and logistics support to Ukraine.
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track across vendors, so listed here are some possibly overlapping names and profiles you may also want to look at.
ID / Votes / Profile Description

Prestige (5 votes): Prestige is a type of malware attributed to the Russia-linked Advanced Persistent Threat (APT) group Sandworm. This malicious software was used in ransomware attacks against Ukrainian and Polish logistics companies in October 2022. The deployment of Prestige coincided with reported instances of ran
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ukraine
Ransomware
Russia
State Sponso...
Microsoft
Apt
Payload
Ransom
Antivirus
Associated Malware
ID / Type / Votes / Profile Description

Nikowiper (Unspecified, 2 votes): NikoWiper is malicious software (malware) identified as a new data wiper attributed to Sandworm, a state-backed hacker group linked with Russia's Main Directorate of the General Staff of the Armed Forces (GRU). This malware, unique in its design compared to other strains, was used in an attack on

CaddyWiper (Unspecified, 2 votes): CaddyWiper is destructive malware, a type of malicious software designed to exploit and damage computer systems. It was one of several malware strains deployed against Ukraine starting in January 2022 by the Russian Advanced Persistent Threat (APT) group, alongside others such as WhisperGate, HermeticWip

Kapeka (Unspecified, 2 votes): Kapeka is a previously unknown backdoor malware that has been linked to the Russian Sandworm Advanced Persistent Threat (APT) group. As malicious software, Kapeka is designed to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites without t

GreyEnergy (Unspecified, 1 vote): GreyEnergy is a type of malware, or malicious software, designed to exploit and damage computer systems. It is believed to have been used in attacks on Ukraine's power grid in 2018 by the Russia-linked Advanced Persistent Threat (APT) group Sandworm. Security firm WithSecure has identified overlaps
Associated Threat Actors
ID / Type / Votes / Profile Description

Sandworm (Unspecified, 2 votes): Sandworm, a threat actor linked to Russia, has been identified as a significant cybersecurity risk. Known for its sophisticated and malicious activities, Sandworm has notably compromised 11 Ukrainian telecommunications providers, disrupting services and posing a substantial threat to the digital inf
Associated Vulnerabilities
ID / Type / Votes / Profile Description

No associations to display
Source Document References
Information about the Prestige ransomware malware was read from the document corpus below. This display is limited to 20 results.
Source / Created At / Title

Securityaffairs (3 months ago): Previously unknown Kapeka backdoor linked to Sandworm APT
BankInfoSecurity (3 months ago): Likely Sandworm Hackers Using Novel Backdoor 'Kapeka'
CERT-EU (a year ago): ESET Research Podcast: A year of fighting rockets, soldiers, and wipers in Ukraine
CERT-EU (a year ago): Leaked Documents Detail Russia's Cyberwarfare Tools, Including for OT Attacks
InfoSecurity-magazine (a year ago): Russian Military Preparing New Destructive Attacks: Microsoft
ESET (a year ago): A year of wiper attacks in Ukraine | WeLiveSecurity
CSO Online (a year ago): APT groups use ransomware TTPs as cover for intelligence gathering and sabotage
ESET (a year ago): ESET Research Podcast: A year of fighting rockets, soldiers, and wipers in Ukraine | WeLiveSecurity
BankInfoSecurity (a year ago): Ukraine Tracks Increased Russian Focus on Cyberespionage
CERT-EU (9 months ago): Ukraine, Israel, South Korea top list of most-targeted countries for cyberattacks
MITRE (7 months ago): New "Prestige" ransomware impacts organizations in Ukraine and Poland | Microsoft Security Blog
Securelist (a year ago): Reassessing cyberwarfare. Lessons learned in 2022