Prometheus Ransomware Gang: A Group of REvil

Security Alert
Published June 9, 2021

Prometheus is a new player in the ransomware world that uses similar malware and tactics to ransomware veteran Thanos. Prometheus leverages double-extortion tactics and hosts a leak site, where it names new victims and posts stolen data available for purchase. It claims to have breached 30 organizations in government, financial services, manufacturing, logistics, consulting, agriculture, healthcare services, insurance agencies, energy and law firms in the United States, United Kingdom and a dozen more countries in Asia, Europe, the Middle East and South America.

ADVERSARY:

MALWARE FAMILIES:
- Prometheus
- Thanos
- REvil – S0496

ATT&CK IDS:
- T1057 – Process Discovery
- T1059 – Command and Scripting Interpreter
- T1112 – Modify Registry
- T1486 – Data Encrypted for Impact
- T1490 – Inhibit System Recovery
- T1083 – File and Directory Discovery
- T1562.006 – Indicator Blocking
- T1547.001 – Registry Run Keys / Startup Folder
- T1562.001 – Disable or Modify Tools
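The ATT&CK IDs above are the hooks a defender uses to turn this alert into hunting queries. The following is an added example, not code from the alert or from Unit 42: a small Python triage routine that tags constructed process-creation events (the fields mirror what Sysmon Event ID 1 or an EDR would carry) with the technique IDs the alert lists. The command-line patterns are assumptions taken from the public ATT&CK technique descriptions (shadow-copy deletion and boot-recovery changes for T1490, a Run-key write for T1547.001, an encoded PowerShell command for T1059, Defender preference changes for T1562.001); the alert does not attribute these specific commands to Prometheus, so treat them as a starting point for your own telemetry, not as indicators of this group.

```python
import re

# Constructed process-creation events (not from the alert). A real pipeline
# would read these from Sysmon Event ID 1 or an EDR process stream.
SAMPLE_EVENTS = [
    {"pid": 4120, "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"pid": 4188, "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit /set {default} recoveryenabled no"},
    {"pid": 4201, "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r"reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run "
                r"/v updater /t REG_SZ /d C:\Users\Public\upd.exe"},
    {"pid": 4230, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -EncodedCommand SQBFAFgA..."},
    {"pid": 4250, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -Command Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"pid": 4300, "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe report.txt"},
]

# The nine technique IDs the alert lists for Prometheus.
ALERT_TECHNIQUES = {
    "T1057", "T1059", "T1112", "T1486", "T1490",
    "T1083", "T1562.006", "T1547.001", "T1562.001",
}

# Detection rules keyed by ATT&CK ID. Each pattern is an assumption drawn from
# the technique's public description, not behaviour the alert attributes to
# Prometheus. Rules are deliberately narrow (e.g. T1059 only fires on an
# encoded PowerShell command) to keep false positives low on a busy host.
RULES = {
    "T1490": [
        r"vssadmin(\.exe)?\s+delete\s+shadows",
        r"wmic(\.exe)?\s+shadowcopy\s+delete",
        r"bcdedit(\.exe)?\s+/set\s+\S+\s+recoveryenabled\s+no",
    ],
    "T1547.001": [
        r"reg(\.exe)?\s+add\s+\S*\\CurrentVersion\\Run\b",
    ],
    "T1059": [
        r"powershell(\.exe)?\s.*-e(?:c|nc|ncodedcommand)?\s",
    ],
    "T1562.001": [
        r"Set-MpPreference\s+-Disable\w+",
    ],
}


def match_techniques(event):
    """Return the set of ATT&CK IDs whose rules match this event's command line."""
    hits = set()
    cmdline = event.get("cmdline", "")
    for technique_id, patterns in RULES.items():
        for pattern in patterns:
            if re.search(pattern, cmdline, re.IGNORECASE):
                hits.add(technique_id)
                break  # one matching pattern is enough to tag the technique
    return hits


def triage(events):
    """Map pid -> sorted list of matched technique IDs, skipping clean events."""
    findings = {}
    for event in events:
        hits = match_techniques(event)
        if hits:
            findings[event["pid"]] = sorted(hits)
    return findings


def observed_alert_techniques(findings):
    """Which of the alert's listed techniques were actually seen in the findings."""
    seen = set()
    for technique_ids in findings.values():
        seen.update(technique_ids)
    return sorted(seen & ALERT_TECHNIQUES)


if __name__ == "__main__":
    results = triage(SAMPLE_EVENTS)
    for pid, technique_ids in results.items():
        print(f"pid {pid}: {', '.join(technique_ids)}")
    print("alert techniques observed:", observed_alert_techniques(results))
```

Running the block prints one line per flagged process and a summary of which of the alert's listed techniques appeared; the notepad event is left alone. When you wire this to live telemetry, keep the rule table separate from the parser so new patterns for the remaining IDs (T1057, T1083, T1112, T1486, T1562.006) can be added without touching the matching logic.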
