In the ransomware threat landscape, Prometheus and Grief ransomware gangs are the new entrants in the global malware market. Read on to know more…
In this cyber age, information and data are valuable commodities, and cybercriminals are vying for a piece of the pie. Cyberattacks have increased dramatically in recent months and have reached a new level of complexity. One such ransomware gang, known as Prometheus, has recently made headlines.
The Prometheus ransomware is a cryptovirus that operates as a data locker. Its key function is to access and encrypt personal files and then demand a ransom from the victims. It has been discovered in the midst of active attack campaigns. Prometheus uses the AES cipher to encrypt files, rendering them unusable.
The hackers behind the Prometheus virus have a decryption tool that could potentially restore the locked files. Nonetheless, all victims should be aware that paying the ransom does not guarantee recovery of the affected files, and doing so may result in the loss of both data and money.
Sensitive data belonging to 27 victims has been put up for sale by the Prometheus ransomware group. This data includes information from Mexican government agencies.
The victims' data was reportedly stolen through a Business Email Compromise (BEC) attack on network resources belonging to several Mexican government agencies.
Some of the victims on this list include Ghana National Gas, the Nyack Hotel (U.S.), the Tulsa Center of Excellence in Cardiovascular System (U.S.), and organizations in the UAE, Norway, France, Switzerland, Brazil, the Netherlands, and Malaysia.
Although it is impossible to evaluate the sensitivity or eventual consequences of these breaches, it is reasonable to assume that the stolen data will be used for extortion. Furthermore, Mexico is one of the three Latin American countries with the highest number of reported cyber incidents.
The redesigned logo of the Prometheus group may also hint at possible ties with the REvil ransomware gang. REvil, however, has denied any direct link to Prometheus, and security experts believe the threat actor could be an independently operating affiliate.
Grief is a lesser-known ransomware group that has stolen data from five organizations, one of which is in Mexico. Its Tor website has crawl protection enabled, which prevents researchers from automatically indexing its contents.
A weblink to the GDPR can be found on this website. On their landing page, there is a catchy reference to GDPR regulations: “The GDPR at Article 33 requires that, in the event of a personal data breach, data controllers should notify the appropriate supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it.”
This is suspected to be an extortion technique in which the attackers persuade victims to pay a ransom in advance to avoid possible repercussions from European authorities.
The threat actors are compromising organizations across the world, regardless of their size. Ransomware attacks are a continuing threat to both public and private organizations, and in this environment the emergence of these new threat actors will undoubtedly put pressure on organizations with weak cybersecurity postures.
With new threat actors emerging practically daily in the threat landscape, it is crucial to make cybersecurity part of your organization's investments.