New Prinz Eugen Ransomware Prioritizes Recent Files for Encryption
ID: e55edc72-0472-5486-b105-6ad96585b050
STIX ID: report--e55edc72-0472-5486-b105-6ad96585b050
Feed Name: Security Boulevard
Researchers have identified Prinz Eugen, a Go-based ransomware operation that prioritizes encrypting recently modified files to maximize operational impact. The threat actors use stolen RDP credentials and legitimate remote management tools (notably RemotePC) in hands-on-keyboard intrusions, and create backdoor administrator accounts for persistence. The group does not operate as RaaS and avoids leaving on-device ransom notes; a few victims are listed on its leak site. Enterprises with exposed RDP or inadequate RMM monitoring are at heightened risk.
