Ukrainians attacked by a dangerous computer virus: Microsoft explains how to protect yourself
The victims encountered the malware within about an hour of each other, and the list of victims overlaps with that of FoxBlade (also known as HermeticWiper) and other Russian attacks. The program gains access to user accounts, then encrypts files, appends an "ENC" extension, and demands a ransom in exchange for a decryption tool.
Attempting to open any encrypted file instead opens a Notepad document containing a note from the attackers: "Do not try to decipher your files with third-party software; it can lead to irreversible loss of information. Do not try to change or rename encrypted files. You will lose them." Microsoft identified several features of the Prestige virus that cybersecurity researchers had not observed before.
They note that enterprise-wide deployment of ransomware is not a common occurrence in Ukraine, and that the attack is not attributed to any of the 94 active threat groups Microsoft tracks. Despite similar deployment methods, the Prestige campaign is distinct from the recent destructive attacks using AprilAxe (ArguePatch)/CaddyWiper or FoxBlade (HermeticWiper), which have hit several Ukrainian critical infrastructure organizations over the past two weeks.
The virus uses the CryptoPP C++ library to AES-encrypt each file that matches its targeting criteria. During encryption, one version of the payload uses a hard-coded X509 RSA public key (each Prestige variant may carry its own unique public key). The software also deletes file backups so that they cannot be restored with the system recovery function. According to Microsoft, the attackers launch the virus only after an initial compromise that gives them access to credentials.
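The behaviour described above (a burst of files renamed with an ENC extension, plus a ransom note with a recognisable text) is the kind of thing a defender can alert on from file-system telemetry. The following is an added detection example written for this article; it is not code from Microsoft or from the Prestige analysis. The event schema, host and user names, file paths, time window and threshold are all constructed assumptions, and the sample events are synthetic, not real logs.

```python
"""Detection heuristics for Prestige-style mass encryption (added example).

Assumptions (constructed for this example, not from the article):
- file-system telemetry arrives as RenameEvent records with a timestamp, host, user,
  old path and new path;
- a single host/user pair renaming `threshold` files to *.enc inside `window`
  is treated as a likely encryption burst.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Extension the article says Prestige appends to encrypted files.
ENC_EXT = ".enc"

# Distinctive phrases from the ransom note quoted in the article.
NOTE_MARKERS = (
    "do not try to decipher your files",
    "do not try to change or rename encrypted files",
)


@dataclass
class RenameEvent:
    ts: datetime
    host: str
    user: str
    old_path: str
    new_path: str


def is_enc_rename(ev: RenameEvent) -> bool:
    """True when a file that was not *.enc is renamed to *.enc."""
    old, new = ev.old_path.lower(), ev.new_path.lower()
    return new.endswith(ENC_EXT) and not old.endswith(ENC_EXT)


def find_encryption_bursts(events, window=timedelta(minutes=5), threshold=20):
    """Return {(host, user): max_count} for every host/user pair that renamed at
    least `threshold` files to *.enc within any sliding window of length `window`."""
    per_actor = defaultdict(list)
    for ev in events:
        if is_enc_rename(ev):
            per_actor[(ev.host, ev.user)].append(ev.ts)

    hits = {}
    for actor, stamps in per_actor.items():
        stamps.sort()
        left, best = 0, 0
        for right, t in enumerate(stamps):
            # Slide the left edge forward until the window fits.
            while t - stamps[left] > window:
                left += 1
            best = max(best, right - left + 1)
        if best >= threshold:
            hits[actor] = best
    return hits


def is_ransom_note(text: str) -> bool:
    """True when the text contains any of the quoted ransom-note phrases."""
    lowered = text.lower()
    return any(marker in lowered for marker in NOTE_MARKERS)


# Constructed sample telemetry: one noisy host and one quiet host.
def build_sample_events():
    base = datetime(2022, 10, 11, 9, 0, 0)  # arbitrary constructed timestamp
    events = []
    # FS-01: 30 files renamed to .enc in under two minutes -> burst.
    for i in range(30):
        events.append(RenameEvent(
            base + timedelta(seconds=4 * i), "FS-01", "CORP\\svc_deploy",
            f"D:\\shares\\finance\\report_{i}.xlsx",
            f"D:\\shares\\finance\\report_{i}.xlsx{ENC_EXT}"))
    # WS-07: 3 renames spread over an hour -> below threshold.
    for i in range(3):
        events.append(RenameEvent(
            base + timedelta(minutes=20 * i), "WS-07", "CORP\\alice",
            f"C:\\Users\\alice\\doc_{i}.txt",
            f"C:\\Users\\alice\\doc_{i}.txt{ENC_EXT}"))
    # WS-07: an unrelated rename that must be ignored.
    events.append(RenameEvent(base, "WS-07", "CORP\\alice",
                              "C:\\tmp\\a.log", "C:\\tmp\\a.old"))
    return events


SAMPLE_NOTE = ("Do not try to decipher your files with third-party software; it can "
               "lead to irreversible loss of information. Do not try to change or "
               "rename encrypted files. You will lose them.")

if __name__ == "__main__":
    for (host, user), count in find_encryption_bursts(build_sample_events()).items():
        print(f"ALERT: {count} files renamed to *{ENC_EXT} by {user} on {host}")
    print("ransom note detected:", is_ransom_note(SAMPLE_NOTE))
```

The sliding-window count is per host and user because the article says the payload runs under a compromised account after credential access, so the actor pair is the natural unit for an alert; the threshold and window are starting points to tune against normal rename rates on your own file servers.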