VERY IMPORTANT

A campaign impersonating Royal Mail was identified delivering Prince ransomware, an open-source variant available on GitHub. The low-volume attack targeted UK and US organizations in mid-September, often originating from contact forms on target websites. The ransomware lacks decryption mechanisms and data exfiltration capabilities, making it purely destructive. The attack chain involves multiple stages, including PDF lures, ZIP files, shortcuts, and obfuscated scripts, ultimately leading to the execution of the Prince ransomware. The campaign's attribution remains unclear, but the ransomware's creator offers customization services. This activity highlights the ongoing threat of freely available malware and the importance of user awareness in identifying suspicious emails and attachments.