Prinz Eugen is a new ransomware operation that encrypts recently modified files first, relies on hands-on-keyboard tactics, and leaves no ransom note on infected systems. ThreatDown says the attackers rely on stolen RDP credentials, RMM tools such as RemotePC, and a backdoor admin account, and that their victims include Standard Bank. #PrinzEugen #Threatdown #RemotePC #StandardBank
Key points
- Prinz Eugen prioritizes the most recently modified files for encryption.
- The attackers use legitimate RMM tools and living-off-the-land techniques.
- Initial access is likely gained through stolen RDP credentials.
- The malware encrypts files with ChaCha20-Poly1305 and appends the .prinzeugen extension.
- Prinz Eugen leaves no ransom note and communicates out-of-band.
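The indicators above (a backdoor admin account created from a stolen-RDP session, and the `.prinzeugen` extension on recently modified files) are what a defender can actually look for. The script below is an added example and is not code from ThreatDown or from the report; it sweeps a directory tree for the reported extension, newest files first, and walks a constructed set of Windows Security event records to flag the chain of an RDP logon (event 4624, logon type 10) followed by account creation (4720) and addition to the local Administrators group (4732). The file names, account names and event records are constructed for the demo.

```python
"""Added example, not from the ThreatDown report: defender-side triage for the
Prinz Eugen indicators described above. All sample data is constructed."""
import os
import tempfile

RANSOM_EXT = ".prinzeugen"  # extension named in the report


def find_encrypted_files(root):
    """Return paths under root that carry the reported extension, most recently
    modified first (the report says recently modified files are encrypted
    first, so those are the earliest signs of an active encryption run)."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for n in names:
            if n.lower().endswith(RANSOM_EXT):
                p = os.path.join(dirpath, n)
                hits.append((os.path.getmtime(p), p))
    return [p for _, p in sorted(hits, reverse=True)]


# Constructed minimal Security-log records: (event id plus the few fields the
# check needs). Real exports carry many more fields than shown here.
SAMPLE_EVENTS = [
    {"id": 4624, "user": "svc_backup", "logon_type": 10, "src_ip": "203.0.113.7"},  # RDP logon
    {"id": 4720, "user": "svc_backup", "target": "helpdesk2"},                       # new local user
    {"id": 4732, "user": "svc_backup", "target": "helpdesk2", "group": "Administrators"},
    {"id": 4624, "user": "alice", "logon_type": 2, "src_ip": "-"},                   # console logon
    {"id": 4720, "user": "alice", "target": "intern01"},                             # never elevated
]


def find_backdoor_admin_chains(events):
    """Return (rdp_user, new_account) pairs where an account that logged on
    over RDP (logon type 10) later created a local user and then added that
    user to the Administrators group."""
    rdp_users = set()
    created_by = {}   # new account name -> creating (RDP) user
    chains = []
    for ev in events:
        if ev["id"] == 4624 and ev.get("logon_type") == 10:
            rdp_users.add(ev["user"])
        elif ev["id"] == 4720 and ev["user"] in rdp_users:
            created_by[ev["target"]] = ev["user"]
        elif ev["id"] == 4732 and ev.get("group") == "Administrators":
            creator = created_by.get(ev["target"])
            if creator:
                chains.append((creator, ev["target"]))
    return chains


def demo_scan():
    """Build a constructed directory with a few files and run both checks."""
    root = tempfile.mkdtemp(prefix="prinzeugen_demo_")
    for name in ("q3_report.docx.prinzeugen", "notes.txt", "db.bak.prinzeugen"):
        with open(os.path.join(root, name), "w") as f:
            f.write("x")
    return find_encrypted_files(root), find_backdoor_admin_chains(SAMPLE_EVENTS)


if __name__ == "__main__":
    files, chains = demo_scan()
    print(f"{len(files)} file(s) with the {RANSOM_EXT} extension")
    for user, acct in chains:
        print(f"RDP session for {user} created and elevated account {acct}")
```

Because the operation leaves no ransom note, the extension sweep and the account-creation chain are the signals to alert on; on a real host the event records would come from the Security log export rather than the constructed list above.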