Prestige Ransomware

Malware updated 2 months ago (2024-09-10T13:17:43.356Z)
In October 2022, Microsoft reported a new strain of ransomware known as Prestige. Microsoft had not observed this malware before its deployment, and it was found targeting transportation and logistics organizations in Ukraine and Poland. Prestige ransomware infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operations, steal personal information, or hold data hostage for ransom. The file hashes associated with the Prestige ransomware payload were identified and are now detected by Microsoft Defender Antivirus. The deployment of Prestige ransomware coincided with the activities of Kapeka and GreyEnergy, which show overlaps in their attack patterns. Security firm WithSecure noted these similarities and suggested that the novel backdoor used in these intrusions likely led to the deployment of Prestige ransomware in late 2022. The attacks have been attributed to the Russia-linked Sandworm APT group, which is known for its offensive cyber activities. Although attributing the Prestige ransomware attacks to Russian state-sponsored hackers might seem obvious, evidence-based attribution remains challenging. It is nonetheless noteworthy that the threat actor may also have been testing additional ransomware-style capabilities for use in destructive attacks on organizations outside Ukraine that serve key functions in Ukraine's supply lines; the Prestige ransomware operation against a Polish firm in late 2022 is the evidence for this and set a precedent for such attacks.
Description last updated: 2024-09-10T13:15:36.643Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias | Description | Votes
Prestige | Prestige is a possible alias for Prestige Ransomware. Prestige is a malicious software (malware) that has been linked to several disruptive cyberattacks. In October 2022, the malware was used in ransomware attacks against Ukrainian and Polish logistics companies. These attacks were attributed to Sandworm, an advanced persistent threat (APT) group belie | 5
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ukraine
Russia
Associated Malware
Alias | Description | Association Type | Votes
CaddyWiper | The CaddyWiper Malware is associated with Prestige Ransomware. CaddyWiper is a destructive malware, a type of malicious software designed to exploit and damage computer systems. It was one of several malwares deployed against Ukraine starting in January 2022 by the Russian Advanced Persistent Threat (APT) group, alongside others such as WhisperGate, HermeticWip | Unspecified | 2
Kapeka | The Kapeka Malware is associated with Prestige Ransomware. Kapeka is a previously unknown malware that operates as a backdoor into systems, linked to the Russian Sandworm Advanced Persistent Threat (APT) group. The malicious software can infiltrate a system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, i | Unspecified | 2
Nikowiper | The Nikowiper Malware is associated with Prestige Ransomware. NikoWiper is a malicious software (malware) identified as a new data wiper attributed to Sandworm, a state-backed hacker group linked with Russia's Main Directorate of the General Staff of the Armed Forces (GRU). This malware, unique in its design compared to other strains, was used in an attack on | Unspecified | 2
Associated Threat Actors
Alias | Description | Association Type | Votes
Sandworm | The Sandworm Threat Actor is associated with Prestige Ransomware. Sandworm, a threat actor linked to Russia, has been identified as the primary cyber attack unit supporting Russian military activities in Ukraine. This group is notorious for its sophisticated and disruptive cyber attacks, including the compromise of 11 Ukrainian telecommunications providers which c | Unspecified | 2
Source Document References
Information about the Prestige Ransomware malware was read from the documents corpus below.