A newly discovered hacking group has attacked transport and logistics companies in Ukraine and Poland with a new type of ransomware, Microsoft said in a blog post.
The attackers targeted a wide range of systems within an hour, Microsoft said, adding that it had not yet been able to link the attacks to a known group.
Notably, however, the researchers found that the hacks closely mirrored previous attacks by a Russian government-linked cyber team that disrupted Ukrainian government agencies.
Ukraine has been the target of many cyber attacks by Russia since the conflict began in late February, according to Western security researchers and senior government officials.
The Russian embassy in Washington did not immediately respond to a request for comment, nor did cybersecurity agencies in Ukraine or Poland.
The victims of the new ransomware, codenamed “Prestige”, overlap with those of another data-shredding cyberattack involving the “FoxLoad” or “HermeticWiper” malware, Microsoft said.
This attack affected hundreds of computers in Ukraine, Lithuania and Latvia at the start of the Russian invasion of Ukraine.
The “Prestige” ransomware works by encrypting a victim’s data and leaving a ransom note stating that the data can only be unlocked with the purchase of a decryption tool, Microsoft said.
In several cases, the researchers noted that the hackers had obtained administrator control of the victim's systems before deploying the ransomware, suggesting that they had stolen credentials earlier and were waiting for the right moment.
“Enterprise-wide deployment of ransomware is not common in Ukraine, and this activity was not linked to any of the 94 currently active ransomware activity groups tracked by Microsoft,” the researchers said.