Hidden Services1 Jun 29, 2021

Inside Prometheus – The Ransomware Operation That’s Been Making Waves Across the World

Prometheus ransomware is among the most aggressive ransomware operations…

 

A relatively new entrant to the ransomware commerce space, identified by cyber experts as Prometheus, has featured in a number of cybersecurity incidents involving various economic sectors across the world.

Experts have noted the impact of the double extortion operation on government agencies, financial institutions, manufacturers, logistics companies, consulting firms, agribusiness establishments, healthcare institutions, insurance companies and legal entities.

Prometheus has since claimed a long list of victims, and cybersecurity experts have connected the operation to a seasoned cybercriminal group that specializes in ransomware attacks. It turns out that the ransomware group has also exploited the reputation of one of the world’s most devastating types of ransomware.

Prometheus ransomware first appeared in public discourse in early 2021 as a radical cybercriminal operation that seems to differ from traditional peers. The threat actors behind the ransomware have gone beyond encrypting victim files to demand ransom payments and have also engaged in double extortion activities, which have become quite popular.

Cybersecurity experts have not been able to pinpoint the precise method Prometheus uses to penetrate organizational networks.

However, it is reported that once victims are targeted successfully, Prometheus operators demand ransom from their victims based on the nature of their targets. The ransom demands range from $6,000 to $100,000, figures that increase tremendously if a victim fails to pay the ransom within a week.

Typically, Prometheus demands ransom in the form of Monero cryptocurrency. The decision to choose Monero over Bitcoin may be down to the fact that Monero transactions are harder to track, which serves to protect the identity of the threat actors in the event of a law enforcement operation.

Prometheus Claims To Have Hit 30 Organizations

According to the findings of a study published by cybersecurity experts at Palo Alto Networks, Prometheus is a highly sophisticated operation built on a model that mimics a professional enterprise.

The finding reflects a rather worrying trend across peer ransomware operations that have been found to refer to cyberattack victims as “customers”. Such well-organized ransomware groups have been reported to employ an elaborate ticketing system to communicate with the targets of their attacks.

The threat actors behind the Prometheus operation have claimed to have successfully attacked more than 30 organizations across the globe, including establishments in North America, Europe and firms located on the Asian continent.

Nonetheless, considering the scale of operation boasted by the ransomware operation, it turns out that only four victims have since yielded to their ransom demands and parted with money. As reported by Palo Alto researchers, the four victims that have been documented by the cybercriminal group’s leak site include a Peruvian agricultural establishment, a Brazilian healthcare provider and transportation and logistics organizations in Austria and Singapore.

Piggybacking on REvil’s Brand

One of the distinct attributes of Prometheus is its exploitation of the reputation of another ransomware group across its operational structure. The ransomware has made it explicitly clear that it is affiliated with REvil: ransom notes and all other forms of branding on its communication platform have been signed with the slogan “Group of REvil”.

REvil is considered to be one of the most successful ransomware operations, according to research conducted to reveal a list of the most reported ransomware strains in early 2021. A probe by the Federal Bureau of Investigation (FBI) revealed that REvil was behind the recent ransomware attack against JBS USA, a subsidiary of the world’s largest meat processing company.

Nonetheless, despite Prometheus’s claims of being tied to REvil, cybersecurity experts believe that the ransomware operation is only leveraging the brand of a well-established cybercriminal enterprise to improve its chances of getting ransom payments.

 


