In just four months since the Prometheus ransomware first appeared, its operators have managed to hack 30 organizations around the world.
First discovered in February 2021, Prometheus is an offshoot of another notorious ransomware variant called Thanos, which was used against government entities in the Middle East and North Africa last year.
According to experts from the Unit 42 division of Palo Alto Networks, Prometheus attacks affected government organizations, financial services, manufacturing enterprises, agriculture, medical organizations, insurance agencies, energy and law firms in the United States, the United Kingdom and a dozen other countries in Asia, Europe, the Middle East, and South America.
Like other groups, Prometheus uses double-extortion tactics and lists affected companies and organizations on its darknet data breach site. To date, only 4 of the 30 attacked organizations have chosen to pay the ransom, including a Peruvian agricultural company, a Brazilian healthcare provider, and two transport and logistics organizations in Austria and Singapore.
Despite Prometheus’ ties to Thanos, the group claims to be a REvil affiliate. According to experts, this could be an attempt to divert attention from Thanos or an attempt to trick victims into paying, taking advantage of the reputation of a more famous group.
Operators of the Prometheus ransomware generate a unique payload for each victim, which is used on their negotiation site to recover files. The ransom demand ranges from $6,000 to $100,000, depending on the organization, and this price doubles if the victim fails to pay in due time.