An emerging ransomware threat in the threat landscape claims to have breached 30 organizations in just four months since it went operational, riding on the coattails of a notorious ransomware syndicate.
First observed in February 2021, "Prometheus" is an offshoot of another well-known ransomware variant called Thanos, which was previously deployed against state-run organizations in the Middle East and North Africa last year.
The affected entities are believed to include government, financial services, manufacturing, logistics, consulting, agriculture, healthcare services, insurance agencies, energy and law firms in the U.S., U.K., and a dozen more countries across Asia, Europe, the Middle East, and South America, according to new research published by Palo Alto Networks' Unit 42 threat intelligence team.
Like other ransomware gangs, Prometheus takes advantage of double-extortion tactics and hosts a dark web leak site, where it names and shames new victims and makes stolen data available for purchase, all while managing to project a veneer of professionalism onto its criminal activities.
"Prometheus runs like a professional enterprise," said Doel Santos, Unit 42 threat intelligence analyst. "It refers to its victims as 'customers,' communicates with them using a customer service ticketing system that warns them when payment deadlines are approaching and even uses a clock to count down the hours, minutes and seconds to a payment deadline."
However, only four of those 30 affected organizations have opted to pay ransoms so far, the cybersecurity firm's analysis found, including a Peruvian agricultural company, a Brazilian healthcare services provider, and two transportation and logistics organizations in Austria and Singapore.
It is worth noting that despite Prometheus' strong links to Thanos, the gang professes to be a "group of" one of the most prolific and infamous ransomware-as-a-service (RaaS) cartels of recent years, which the researchers speculate could be an attempt to deflect attention from Thanos or a deliberate ploy to trick victims into paying up by piggybacking on an established operation.
While the ransomware's intrusion route remains unclear as yet, it is suspected that the group purchased access to target networks or staged spear-phishing and brute-force attacks to gain initial access. Following a successful compromise, the Prometheus modus operandi involves terminating backup and security software-related processes on the system before locking data behind encryption.
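As an added illustration of the pre-encryption behaviour described above (this is not code from the article or from Unit 42), the following Python sketches a detection rule that flags a single process terminating several backup or security software processes within a short window; the watched process names, the log line format and the sample events are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Illustrative backup/security process names (assumed, not from the article; tune to your estate).
WATCHED = {"backupagent.exe", "vssvc.exe", "sqlservr.exe", "avservice.exe", "edrsensor.exe"}
WINDOW = timedelta(seconds=60)  # kills must fall within this span
THRESHOLD = 3                   # distinct watched processes killed by one actor

EVENT_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) actor_pid=(?P<pid>\d+) "
                      r"actor=(?P<actor>\S+) action=terminate target=(?P<target>\S+)$")

def parse(line):
    m = EVENT_RE.match(line.strip())
    if not m:
        return None  # line does not follow the constructed telemetry format
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["target"] = ev["target"].lower()
    return ev

def detect_backup_security_kills(lines):
    """One alert per (host, actor pid) that terminates >= THRESHOLD distinct
    watched processes inside a sliding WINDOW; unrelated kills are ignored."""
    recent = defaultdict(deque)  # (host, pid) -> deque of (ts, target)
    alerts, alerted = [], set()
    for line in lines:
        ev = parse(line)
        if ev is None or ev["target"] not in WATCHED:
            continue
        key = (ev["host"], ev["pid"])
        q = recent[key]
        q.append((ev["ts"], ev["target"]))
        while ev["ts"] - q[0][0] > WINDOW:  # drop kills outside the window
            q.popleft()
        killed = {t for _, t in q}
        if len(killed) >= THRESHOLD and key not in alerted:
            alerted.add(key)
            alerts.append({"host": ev["host"], "pid": ev["pid"],
                           "actor": ev["actor"], "killed": sorted(killed)})
    return alerts
# Constructed sample telemetry: one isolated kill, then a burst from one process.
SAMPLE = """\
2021-06-15T10:00:05 host=srv01 actor_pid=1200 actor=admin.exe action=terminate target=avservice.exe
2021-06-15T10:01:00 host=srv01 actor_pid=4242 actor=update.exe action=terminate target=BackupAgent.exe
2021-06-15T10:01:02 host=srv01 actor_pid=4242 actor=update.exe action=terminate target=vssvc.exe
2021-06-15T10:01:03 host=srv01 actor_pid=4242 actor=update.exe action=terminate target=notepad.exe
2021-06-15T10:01:04 host=srv01 actor_pid=4242 actor=update.exe action=terminate target=sqlservr.exe
""".splitlines()
```

Running `detect_backup_security_kills(SAMPLE)` yields one alert for pid 4242, while the isolated kill by pid 1200 and the unrelated notepad.exe termination produce nothing.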
"The Prometheus ransomware operators generate a unique payload per victim, which is used for their negotiation site to recover files," Santos said, adding that the ransom demand ranges anywhere between $6,000 and $100,000 depending on the victim organization, a price that doubles if the victim fails to pay within the designated time period.
The development also comes as cybercrime groups are increasingly targeting SonicWall devices to breach corporate networks and deploy ransomware. A report published by CrowdStrike this week found evidence of remote access vulnerabilities (CVE-2019-7481) in SonicWall SRA 4600 VPN appliances being exploited as an initial access vector for ransomware attacks targeting organizations worldwide.