Cybercrime, is Prometheus ransomware gang part of REvil?

Palo Alto Networks Unit 42: is Prometheus ransomware gang part of the REvil firm? It claims to have breached 30 organizations

Is Prometheus ransomware gang part of the REvil firm? Cybersecurity researchers at Palo Alto Networks Unit 42 spent the past four months following the activities of the group, a new player in the malware world that uses similar malware and tactics to ransomware veteran Thanos. Prometheus leverages double-extortion tactics and hosts a leak site, where it names new victims and posts stolen data available for purchase. It claims to have breached 30 organizations in government, financial services, manufacturing, logistics, consulting, agriculture, healthcare services, insurance agencies, energy and law firms in the United States, United Kingdom and a dozen more countries in Asia, Europe, the Middle East and South America.

The malware group claims to be part of the well-known firm, but there is no indication of a relationship

According to the cybersecurity experts, Prometheus runs like a professional enterprise. It refers to its victims as “customers,” communicates with them using a customer service ticketing system that warns them when payment deadlines are approaching and even uses a clock to count down the hours, minutes and seconds to a payment deadline. Furthermore, it claims to be part of the notorious ransomware gang REvil. However, Unit 42 has seen no indication that these two ransomware gangs are related in any way. The claim may be an attempt to exploit REvil’s name to persuade victims to pay up, or it could be a false flag to take attention away from Thanos.
