Intel Name: Royal mail lures deliver open source prince ransomware
Date of Scan: October 4, 2024
Impact: High
Summary: Proofpoint researchers discovered a campaign impersonating the British postal service, Royal Mail, to deliver Prince ransomware. This ransomware variant is available for free on GitHub, accompanied by a “disclaimer” stating it is intended solely for educational purposes. The campaign took place in mid-September, targeting individuals in the UK and the U.S. It was low-volume, affecting only a few organizations. Interestingly, most of the messages seemed to originate from contact forms on the targeted organizations’ websites, suggesting that the actor also exploits public contact forms, rather than exclusively using direct email outreach.