Information and data are money in the 21st century, and many cybercriminals are out to capture this new money. Cyberattacks have surged in the last few months and have reached a peak of sophistication. Lately, one ransomware gang, named Prometheus, has been making headlines.
The scoop
The group has put data from 27 victims up for sale. This data includes information from government entities in Mexico, reportedly stolen in a Business Email Compromise (BEC) attack on network resources belonging to various Mexican government agencies. Other victims in this list include:
Ghana National Gas
The Nyack Hotel (the U.S.)
Tulsa Center of Excellence in Cardiovascular System (the U.S.)
Organizations in the UAE, Norway, France, Switzerland, Brazil, the Netherlands, and Malaysia.
Why does it matter?
Although it is not feasible to determine the sensitivity and ultimate impact of these leaks, it should be anticipated that the data can be used for extortion purposes. Furthermore, Mexico is one of the three countries in Latin America with the most reported cyber incidents.
Possible connection with REvil
Prometheus, in its updated logo, illustrated connections with the REvil ransomware gang.
However, the latter has not confirmed any direct connection with Prometheus.
Experts surmise that the threat actor may be an affiliate working independently.
Putting some Grief into the equation
Grief is a lesser-known ransomware actor that stole data from five organizations, one of which is in Mexico.
Its website on Tor has crawl protection, which prevents researchers from automatically indexing its content.
This website contains a link to the GDPR. This is suspected to be an extortion tactic in which the hackers pressure victims into paying the ransom early to avoid potential consequences from European authorities.
The bottom line
Irrespective of their size, organizations across the world are being compromised by threat actors. Public and private organizations are being constantly barraged by ransomware actors. In such a scenario, the discovery of these new threat actors is sure to put pressure on weak cybersecurity postures.