Prestige is another crypto-ransomware and pseudo-ransomware (wiper) that emerged from the Ukraine-Russia conflict that began in February 2022. Based on the sample we analyzed, Prestige performs all of the typical crypto-ransomware behavior, such as deleting shadow copies and encrypting files using a hybrid encryption scheme of AES-256 coupled with RSA-2048. After encryption, the files are renamed to include a '.enc' file extension, and a ransom note is dropped in the machine's Public user folder. It's also determined to be a wiper because there is no intent on receiving a ransom, and that's based on assumptions of the threat actor and the context - Sandworm team (Seashell Blizzard) and an attack during a conflict, respectively. Their intent is to cause destruction and disruption, with no intent on communicating with victims and receiving a ransom.
