New Ransomware Group Claiming Connection to REvil Gang Surfaces

'Prometheus' is the latest example of how the ransomware-as-a-service model is letting new gangs scale up operations quickly.

A new ransomware group that claims to have impacted some 30 organizations since earlier this year is the latest example of how quickly criminal gangs are able to scale up new operations using ransomware-as-a-service offerings.


The group, Prometheus, first surfaced in February. Researchers from Palo Alto Networks (PAN) who have been tracking the gang this week described it as using double-extortion tactics — data encryption and data theft — to try to extract money from victims. The group hosts a leak site that it has been using to name new victims and post stolen data for purchase when a victim refuses or is unable to pay the demanded ransom.


According to PAN, Prometheus claims it has breached at least 30 organizations across multiple sectors, including government, manufacturing, financial services, logistics, insurance, and health care. On average, the group has demanded between $6,000 and $100,000 in Monero cryptocurrency as a ransom — relatively modest amounts by current cyber-extortion standards. The demanded ransom amount doubles if victims don't respond within the one-week deadline set by the Prometheus gang.


As is often the case, most of the group's victims are US-based organizations. Other impacted countries include Brazil, Norway, France, Peru, Mexico, and the UK. So far four victims have paid a ransom to get their data back.


Doel Santos, threat intelligence analyst at PAN's Unit 42 threat intelligence group, says there is little to suggest the Prometheus group is going after victims in a targeted fashion.


"We believe the Prometheus ransomware group is opportunistic," Santos says. "By looking at their alleged victims, they didn't seem to follow any rules or avoid certain organizations." Instead, they are attacking vulnerable organizations as they find t ..