In the last few days, several new ransomware groups have appeared, such as Prometheus, Grief and Epsilon Red. This post covers Prometheus and Grief. Prometheus is a new ransomware group that appeared at the end of March 2021, is supposedly related to REvil (aka Sodinokibi), and has been actively attacking organizations in the region. In its updated logo, the group illustrated links to REvil, another notorious underground ransomware group.

This threat can spread through insecure RDP access, phishing emails and malicious attachments, botnets, exploit kits, VPN vulnerabilities, malicious advertisements, web injections, fake updates and infected installers, among others. Recently, the group published stolen data allegedly belonging to the Mexican government, which remains available for sale today, possibly making it the first cybercriminal group to have touched an important state in Latin America at such a level.

According to Resecurity, a Los Angeles cybersecurity firm, the leaked data is presumed to have been stolen from multiple email accounts as a result of ATO/BEC (account takeover / business email compromise) and the compromise of network resources belonging to various Mexican government agencies. It is difficult to determine the sensitivity and ultimate impact of such leaks, but they are one of the elements of the extortion game used by bad actors.

Grief is a lesser-known ransomware group, claiming to have stolen data from 5 organizations, including a company in Mexico. Interestingly, Grief’s website on the TOR network has “anti-tracking” protection that prevents cybersecurity researchers from automatically indexing its content using various cyber threat intelligence platforms and their bots.

On their landing page, there is a catchy reference to the GDPR, evidently meant to push victims to pay sooner rather than later to avoid potential problems with European regulators, which is one of the extortion tactics. The GDPR allows EU data protection authorities to impose fines of up to €20 million or 4% of annual global turnover, which will definitely be a higher price compared to a possible ransom payment to an underground actor.

According to experts, the highest number of victims in 2020 by industry was in manufacturing, professional and legal services, and construction. Manufacturing, education, and healthcare companies specifically saw significant increases, especially during the COVID-19 pandemic, when companies almost completely switched to remote work, leaving many security gaps for threat actors to use. That new groups of cybercriminals emerge is therefore no surprise.
