Threat Actor Update: IRIDUIM Attributed to Prestige Ransomware Campaign A ransomware campaign targeting transportation and logistics organizations in Ukraine and Poland has been attributed to a group called IRIDIUM. The ransomware campaign used a previously unidentified ransomware payload called ‘Prestige’ which was observed deployed on October 11th, 2022. The objective of the campaign was to cause disruption not financial gain. IRIDUIM is a Russia-based actor that overlaps with Sandworm and has been consistently active in Ukraine with IRIDIUM being linked to activity in March 2022 (1). The Ukraine war continues to highlight the increased use of ransomware for non-financial means. Ransomware has been used for non-financial means before (2); however, many ransomware incidents have historically been financially driven. For example, the HermacticRansom malware used in Ukraine is suspected to be a smokescreen for destructive attacks (3). Hacktivist group FRwL has used ransomware during