Prometheus Ransomware Gang: A Group of REvil

Security Alert
Published June 9, 2021

Prometheus is a new player in the ransomware world that uses similar malware and tactics to ransomware veteran Thanos. Prometheus leverages double-extortion tactics and hosts a leak site, where it names new victims and posts stolen data available for purchase. It claims to have breached 30 organizations in government, financial services, manufacturing, logistics, consulting, agriculture, healthcare services, insurance agencies, energy and law firms in the United States, United Kingdom and a dozen more countries in Asia, Europe, the Middle East and South America.

ADVERSARY:
MALWARE FAMILIES:
Prometheus, Thanos, REvil – S0496
ATT&CK IDS:
T1057 – Process Discovery
T1059 – Command and Scripting Interpreter
T1112 – Modify Registry
T1486 – Data Encrypted for Impact
T1490 – Inhibit System Recovery
T1083 – File and Directory Discovery
T1562.006 – Indicator Blocking
T1547.001 – Registry Run Keys / Startup Folder
T1562.001 – Disable or Modify Tools
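As an added defender-side example (not code from the alert or from any vendor tool), the script below maps process-creation command lines to three of the ATT&CK techniques listed above and escalates a host once it shows more than one of them. The regex patterns are generic indicators taken from the ATT&CK technique descriptions for T1490, T1562.001 and T1547.001, and the log events are constructed; neither is attributed to Prometheus by this alert.

```python
import re

# Generic indicators for three techniques in the alert's ATT&CK list.
# Assumption: these reflect ATT&CK's own technique descriptions, not
# commands the alert attributes to Prometheus.
TECHNIQUE_PATTERNS = {
    "T1490": [  # Inhibit System Recovery: shadow copy / backup catalog / recovery removal
        r"\bvssadmin(\.exe)?\s+delete\s+shadows",
        r"\bwbadmin(\.exe)?\s+delete\s+catalog",
        r"\bbcdedit(\.exe)?\s+.*recoveryenabled\s+no",
    ],
    "T1562.001": [  # Disable or Modify Tools: turning off Defender features
        r"Set-MpPreference\s+-Disable\w+\s+\$?true",
    ],
    "T1547.001": [  # Registry Run Keys: persistence via CurrentVersion\Run
        r"\breg(\.exe)?\s+add\s+.*\\CurrentVersion\\Run\b",
    ],
}

# Constructed sample process-creation events (host + command line), not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws01", "cmd": r"C:\Windows\System32\vssadmin.exe delete shadows /all /quiet"},
    {"host": "ws01", "cmd": r"reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v upd /t REG_SZ /d C:\Users\Public\upd.exe"},
    {"host": "ws02", "cmd": r"powershell.exe -Command Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"host": "ws03", "cmd": r"vssadmin list shadows"},  # benign: listing, not deleting
]


def match_techniques(cmdline):
    """Return the set of technique IDs whose patterns match this command line."""
    hits = set()
    for tid, patterns in TECHNIQUE_PATTERNS.items():
        if any(re.search(p, cmdline, re.IGNORECASE) for p in patterns):
            hits.add(tid)
    return hits


def triage(events):
    """Aggregate matched techniques per host; hosts with no hits are omitted."""
    per_host = {}
    for ev in events:
        hits = match_techniques(ev["cmd"])
        if hits:
            per_host.setdefault(ev["host"], set()).update(hits)
    return per_host


def escalate(per_host, threshold=2):
    """Hosts showing at least `threshold` distinct techniques (pre-encryption chain)."""
    return sorted(h for h, t in per_host.items() if len(t) >= threshold)


if __name__ == "__main__":
    summary = triage(SAMPLE_EVENTS)
    for host, techniques in sorted(summary.items()):
        print(host, sorted(techniques))
    print("escalate:", escalate(summary))
```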
