Hackers target Ukrainian and Polish organizations with a new ransomware virus
October 18, 2022
Microsoft states that Prestige’s activity is similar to the attacks of the previously discovered FoxBlade malware (aka HermeticWiper), which Microsoft also discovered on February 23, 2022. That malware was aimed at the Ukrainian government at the very beginning of the full-scale invasion and is linked to Russia.
What is known
Analysts say Prestige referred to itself as “Prestige ranusomeware” in its extortion notes.
The first attacks involving this malware were recorded on October 11, 2022, when several incidents occurred just one hour apart.
Microsoft’s report shows that Prestige operators use multiple methods to distribute payloads to victims’ networks, and that the choice of method is in no way related to the security measures used by the defenders.
The malware is said to encrypt files according to a list of extensions and to append the .enc extension to every file it encrypts.
Prestige uses the CryptoPP C++ library to encrypt every file with AES, and it removes all backups and shadow copies on all volumes to make data recovery difficult.
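The two behaviours described above (new files ending in .enc and removal of backups and shadow copies) can be correlated per host in endpoint telemetry. The following is an added example, not code from Microsoft's report or from this article; the event tuple format, the thresholds, the sample events, and the use of `vssadmin` and `wbadmin` as the backup-removal tools are assumptions, since the article does not name the commands.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed telemetry (not from the report): (time, host, kind, detail)
EVENTS = [
    ("2022-10-11T09:00:05", "ws-01", "proc", r"C:\Windows\System32\vssadmin.exe delete shadows /all /quiet"),
    ("2022-10-11T09:00:20", "ws-01", "file", r"C:\Users\a\report.docx.enc"),
    ("2022-10-11T09:00:21", "ws-01", "file", r"C:\Users\a\budget.xlsx.enc"),
    ("2022-10-11T09:00:23", "ws-01", "file", r"C:\Users\a\plan.pdf.enc"),
    ("2022-10-11T10:15:00", "ws-02", "file", r"C:\Tools\backup-key.enc"),
    ("2022-10-11T11:30:00", "ws-03", "proc", r"wbadmin delete catalog -quiet"),
]

# Assumption: backup removal is visible as these standard Windows tools.
BACKUP_WIPE = re.compile(
    r"\b(vssadmin(\.exe)?\s+delete\s+shadows|wbadmin(\.exe)?\s+delete\s+catalog)\b",
    re.I,
)

def detect(events, window=timedelta(minutes=5), min_files=3):
    """Return {host: severity} from backup-wipe commands and bursts of new .enc files."""
    wipes, enc = set(), defaultdict(list)
    for ts, host, kind, detail in events:
        if kind == "proc" and BACKUP_WIPE.search(detail):
            wipes.add(host)
        elif kind == "file" and detail.lower().endswith(".enc"):
            enc[host].append(datetime.fromisoformat(ts))
    alerts = {}
    for host, times in enc.items():
        times.sort()
        lo = 0
        for hi, t in enumerate(times):  # sliding window over sorted timestamps
            while t - times[lo] > window:
                lo += 1
            if hi - lo + 1 >= min_files:
                # A burst together with a backup wipe is the strongest signal.
                alerts[host] = "high" if host in wipes else "medium"
                break
    for host in wipes:
        # A wipe on its own can be legitimate admin work, so only flag for review.
        alerts.setdefault(host, "review")
    return alerts

if __name__ == "__main__":
    for host, severity in sorted(detect(EVENTS).items()):
        print(host, severity)
```

A single .enc file, as on the constructed host ws-02, raises nothing, because the extension is also used by legitimate tools.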
In its comprehensive report, Microsoft does not say which Ukrainian and Polish companies were affected, nor what the hackers’ demands were. The company has apparently made changes to its built-in Defender antivirus, which can now detect the Prestige attack.
John Wilkes is a seasoned journalist and author at Div Bracket. He specializes in covering trending news across a wide range of topics, from politics to entertainment and everything in between.