
Mexican Govt. data publicized with new ransomware group Prometheus & Grief

Prometheus has disclosed data on 27 victims, primarily from Mexico Government, and it looks like this is just the beginning...

01-Jun-2021
7 min read

In today's world, data and information are valuable assets, and data theft has reached a new level. The number of complex cases has increased recently and continues to grow quickly.

Prometheus is a new ransomware group attacking an assortment of industries around the world. The group recently published stolen data believed to belong to the Mexican government, which is already being offered for sale; this makes it the first cybercriminal group to attack a major Latin American country on this scale.

According to Resecurity, a cybersecurity firm based outside Los Angeles, the data was most likely stolen from multiple compromised email accounts, via account takeover (ATO) / business email compromise (BEC) against network resources of several Mexican government agencies. It is difficult to pinpoint the exact weakness exploited and the full impact of these leaks, but they are one element of the intimidation game that threat actors play.


Mexico is the main trading partner of the United States, the second-largest economy in Latin America, and the 17th largest exporter in the world. The number of cyberattacks in the region has increased significantly. Mexico was one of the countries with the highest number of cyberattacks in Latin America in 2020.

To date, Prometheus has disclosed data on 27 victims, and it looks like this is just the beginning of their "career." The victims include Ghana National Gas, the Tulsa Cardiovascular Centre of Excellence (Oklahoma, USA), Hotel Naiak (New York, USA), and companies in France, Norway, Switzerland, the Netherlands, Brazil, Malaysia, and the United Arab Emirates. REvil has not confirmed a direct relationship with the new group, and the connection remains unclear. The group may be using the REvil ransomware as one of its independently operating affiliates. Interestingly, in almost half of all Prometheus cases the victim paid the ransom or the data was sold to other parties.

According to Resecurity, the group used Sonar, a secure data transfer tool hosted on the Tor network that also provides an API: http://sonarmsniko2lvfu.onion/?a=docs-api


At that time the group operated under several brands and called itself the Prometheus Group.


The group later moved to an automated ticketing system where victims enter their ID and pay in BTC or XMR cryptocurrency to obtain decryption.


An SQL vulnerability in the Prometheus leak site, hosted on Tor, exposed the e-mail addresses of the operators. The threat actors later discovered and fixed the vulnerability themselves.

Interestingly, some samples associated with the activity of Prometheus, or Prom (an alternative name), are detected by the major antivirus engines as Thanos ransomware. Thanos ransomware (also known as Hakbit ransomware) was created by Nosophoros, an underground actor who sold it on several dark web forums. He has also worked with several contributors promoting the Jigsaw ransomware and selling compromised RDP and VPN access to various organizations, including drumroll, as confirmed by Resecurity and KELA. Both have detailed reports on his covert activities on the Dark Web.

## Dark Web - why the hidden parts of the web are more dangerous

As the organizers explained, the Summit on Cyber Threats was "a serious message for establishing contacts at the highest level for leaders", an opportunity to share the results of our work with renowned colleagues and begin further fruitful cooperation in the fight against illegal activity.

This year, attendees looked at some of the essential phenomena in cyberspace, from illegal activities to risk management issues.

The Prom virus was first identified by xiaopao, a virus analyst at Qihoo 360, and belongs to the Hakbit ransomware family. Source: https://howtofix.guide/prom-virus/

Grief is a little-known ransomware group that claims to have stolen data from five organizations, including one in Mexico. Interestingly, Grief's Tor website has crawl protection that prevents cybersecurity researchers, threat-intelligence platforms and bots from automatically indexing its content to gather information on cyber threats.

It is clear the actors are trying to pressure victims into paying as soon as possible to avoid potential problems with European regulators, which is one of their extortion tactics. The GDPR allows the EU's Data Protection Authorities to impose fines of up to €20 million ($24.1 million) or 4% of global annual turnover (whichever is higher), which would certainly be a more significant cost than a potential ransom payment to an underground actor.


The latest victims, added only a few days ago, include organizations in Mobile County, Alabama (USA) and the Comune di Porto Sant'Elpidio (Italy).

“Ransomware remains one of the fastest-growing issues affecting multiple industries globally. Threat actors are practicing ‘hack-and-leak’ operations more and more often, understanding how devastating the risk of a data breach can be for the enterprises. It is becoming a trend and a key method of extortion. Some actors design various landing pages in TOR to blur attribution, acting as new groups. In fact, they are tightly interconnected with other well-established players in the underground.” said Saraj Pant, a cyber threat intelligence analyst with Resecurity, Inc.

In 2020, attackers received ransoms totalling $350 million, more than 300% more than the previous year, and the average payout exceeded $300,000.

According to expert statistics, most of those affected in 2020 were in industry, manufacturing, professional and legal services, and construction. Attacks on manufacturing, education, and healthcare have increased significantly, particularly during the COVID-19 pandemic, when organizations moved predominantly to remote work and threat actors took advantage of the numerous resulting security gaps.

The Institute for Security and Technology Working Group for Ransomware not only considers ransomware to be a financial crime but also calls for addressing it as a global priority.