Last updated: July 5, 2026 at 9:01 AM UTC
Tag: rdp (1 article)

New Prinz Eugen ransomware breaches organizations via stolen RDP credentials

Researchers at ThreatDown have detailed a new ransomware operation called Prinz Eugen that breaks from convention in two ways: it prioritizes recently modified files for encryption, hitting the data victims most likely still need, and it leaves no ransom note on the system. The operators break in manually using stolen RDP credentials, deploy remote management tools, steal data for double extortion, and encrypt with a modern cipher combination. At least five victims have been identified, including South Africa's Standard Bank, where the attacker demanded one bitcoin and was refused. The lack of a ransom note can delay detection and complicate incident response.

Check
Review internet-exposed RDP and remote-access services for weak or reused credentials and missing MFA, and check for unauthorized remote management tools and unexpected encryption of recently modified files.
Affected
Organizations exposing RDP or remote access with weak authentication; Prinz Eugen has hit at least five victims so far, including financial institutions, entering through stolen RDP credentials and hands-on intrusion.
Fix
Require phishing-resistant MFA on all remote access, restrict and monitor RDP, control remote management tools through allowlisting, segment networks, and keep tested offline backups to recover without paying.