The malware tries to get a ransom.
Microsoft says in its announcement that it has discovered a new type of Prestige ransomware targeting transport and logistics companies in Ukraine and Poland.
The attack has significant features that distinguish it from previous ransomware campaigns. The malware was first used on October 11 in attacks that were detected within an hour of each other.
The malware encrypts the data on the computer and leaves a ransom demand, according to which the data can be accessed by purchasing a “decryption tool”.
According to Microsoft, the malware is not related to any of the other 94 currently active malware groups it monitors. The attacks targeted corporate networks, which is rare for attacks targeting Ukrainian organizations.
The attacks have not yet been linked to a known hacker group. According to researchers, the attack can be mirrored by cyber actors of the Russian government, who have disrupted Ukrainian government agencies in the past.
Ukraine has been the target of several cyber attacks in the past, which, according to researchers, was Russia.