CyberSecurityBoard
Sponsor Register Login

Hackers pose as British postal carrier to deliver Prince ransomware in destructive campaign

“Based on the lack of a link to determine which user has paid to have their files decrypted, and which infected computer belongs to the user who paid, paired with the lack of communication instructions, this appears to be a destructive attack, with threat actors likely having no intention of decrypting any files, even if the victim paid,” researchers said. Researchers have identified a new campaign in which hackers impersonated the British postal carrier Royal Mail to target victims in the U.S. and the U.K. with Prince ransomware. Royal Mail, in particular, has warned about malicious text messages asking customers to rebook a package delivery, collect a parcel from the post office, or resolve alleged delays or unsuccessful deliveries. Unlike most ransomware attacks, where hackers encrypt the victim’s data and demand a ransom, the goal of this campaign appeared to be destructive, as there were no decryption mechanisms or data exfiltration capabilities, researchers said. Proofpoint couldn’t attribute this activity to a known threat actor because the Prince ransomware is openly available on GitHub and can be used and modified by various hacker groups. The note falsely claimed that files had been exfiltrated and promised automatic decryption if the victim paid $400 in cryptocurrency to a specified wallet. According to previous research, Prince is written entirely from scratch in the Go programming language and is designed to make files unrecoverable by traditional tools, ensuring that only the designated decryptor can restore them. One phishing email analyzed by Proofpoint appeared to be sent by Royal Mail, alerting the recipient about an unsuccessful package delivery. In the latest campaign discovered by Proofpoint, the hackers attached PDF documents to their emails with a link that led to the download of a ZIP file hosted on Dropbox. To gain access to their victims' systems, the hackers used malicious emails and public contact forms found on the target organizations’ websites. While encrypting files, the ransomware displayed a Windows update splash screen and added a ransom note to the desktop.

This Cyber News was published on therecord.media. Publication date: Wed, 02 Oct 2024 18:15:07 +0000


Cyber News related to Hackers pose as British postal carrier to deliver Prince ransomware in destructive campaign

10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
2 weeks ago Cybersecuritynews.com
Hackers pose as British postal carrier to deliver Prince ransomware in destructive campaign - “Based on the lack of a link to determine which user has paid to have their files decrypted, and which infected computer belongs to the user who paid, paired with the lack of communication instructions, this appears to be a destructive attack, with ...
5 months ago Therecord.media
Prince Ransomware Hits UK and US via Royal Mail Phishing Scam - The ransomware encrypts files on the victim’s computer, adding the “.womp” extension, and displays a ransom note demanding payment in Bitcoin for decryption. The attack, known as the “Prince Ransomware,” utilizes a ...
5 months ago Gbhackers.com
Rhysida ransomware gang claims British Library cyberattack - The Rhysida ransomware gang has claimed responsibility for a cyberattack on the British Library in October, which has caused a major ongoing IT outage. Rhysida is auctioning off the data it reportedly stole from the United Kingdom's national library ...
1 year ago Bleepingcomputer.com Rhysida Medusa
Ransomware takes British Library goes offline - When the British Library was infected with ransomware, few could have predicted how damaging the attack would be. A month later, the Library's IT systems are still offline - and now hackers are threatening to sell stolen personal data too. On 31st ...
1 year ago Pandasecurity.com Rhysida
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
1 year ago Feeds.fortinet.com 8base
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
1 year ago Unit42.paloaltonetworks.com Medusa
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
5 months ago Securelist.com
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
1 year ago Helpnetsecurity.com
The Week in Ransomware - This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. That does not mean there was nothing of interest released this week about ransomware. A report by CISA said that the ...
9 months ago Bleepingcomputer.com LockBit Inc ransom Black Basta
British Library: Ongoing outage caused by ransomware attack - The British Library confirmed that a ransomware attack is behind a major outage that is still affecting services across several locations. Over 11 million visitors use the library's website annually, with more than 16,000 people using its collections ...
1 year ago Bleepingcomputer.com Medusa
CVE-2025-21681 - In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix lockup on tx to unregistering netdev with carrier Commit in a fixes tag attempted to fix the issue in the following sequence of calls: do_output -> ovs_vport_send -> ...
1 month ago Tenable.com
Targeting homeowners' data - As these companies obtain a large amount of sensitive information from their customers, they become attractive targets for ransomware gangs to conduct double-extortion attacks. Finland is also warning of Akira ransomware increasingly targeting ...
1 year ago Bleepingcomputer.com LockBit Akira
Hackers distributing Prince Ransomware by impersonating Royal Mail - Cybersecurity Insiders - As hostilities continue to escalate between Israel and Iran, similar patterns of cyber aggression are anticipated, raising the stakes for cybersecurity on a global scale. The emergence of the Prince ransomware marks a worrying trend, as it joins the ...
5 months ago Cybersecurity-insiders.com
CVE-2024-27938 - Postal is an open source SMTP server. Postal versions less than 3.0.0 are vulnerable to SMTP Smuggling attacks which may allow incoming e-mails to be spoofed. This, in conjunction with a cooperative outgoing SMTP service, would allow for an incoming ...
11 months ago
The Evolving Landscape of Ransomware Attacks - 1.7 million ransomware attacks are happening every day. Many people think the virus has locked their computer, but it is actually the ransomware that has locked all their files. As the name ransomware suggests they are after ransom. Stealing or ...
1 year ago Cyberdefensemagazine.com LockBit
CVE-2008-7092 - Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a ...
7 years ago
The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
1 year ago Bleepingcomputer.com LockBit Akira Noescape
Ransomware in 2023 recap: 5 key takeaways - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. While some ransomware trends hardly changed over the last year, such as LockBit's continued dominance, ransomware criminals also challenged ...
1 year ago Malwarebytes.com Scattered Spider LockBit
Declining Ransomware Payments: Shift in Hacker Tactics? - Several cybersecurity advisories and agencies recommend not caving into ransomware gangs' demands and paying their ransoms. It seems the tide is turning, with a decline in ransomware payments; this article explores the trend and what it might mean ...
1 year ago Securityboulevard.com
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
11 months ago Feeds.fortinet.com
British Library: Finances are healthy amid cyber rebuild The Register - The British Library is denying reports suggesting the recovery costs for its 2023 ransomware attack may reach highs of nearly $9 million as work to restore services remains ongoing. Reports at the weekend suggested the ransomware recovery costs were ...
1 year ago Go.theregister.com Rhysida
British Library: Finances are healthy amid cyber rebuild The Register - The British Library is denying reports suggesting the recovery costs for its 2023 ransomware attack may reach highs of nearly $9 million as work to restore services remains ongoing. Reports at the weekend suggested the ransomware recovery costs were ...
1 year ago Packetstormsecurity.com Rhysida

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)