This new ransomware group claims to have breached over 30 organisations so far

08:30 13 June 2021 Source: zdnet.com





An emerging ransomware operation appears to have links to a veteran cyber criminal group, while also attempting to piggyback on the reputation of one of the most notorious forms of ransomware.

Prometheus ransomware first emerged in February this year and not only do the criminals behind it encrypt networks and demand a ransom for the decryption key, they also use double extortion tactics and will threaten to leak stolen data if their demands for cryptocurrency aren't met.


Analysis by cybersecurity researchers at Palo Alto Networks details how, like many ransomware operations in 2021, the group runs like a professional enterprise, even going so far as to refer to victims of cyber attacks as "customers" and communicating with them via a ticketing system.

The cyber criminals behind Prometheus claim to have hit over 30 victims around the world so far, including organisations in North America, Europe and Asia. Sectors Prometheus claims to have hit include government, financial services, manufacturing, logistics, consulting, agriculture, healthcare services, insurance agencies, energy and law.

However, only four victims have paid to date, according to Palo Alto: the group's leak site claims that a Peruvian agricultural company, a Brazilian healthcare services provider, and transportation and logistics organisations in Austria and Singapore paid ransoms.


One notable trait of Prometheus is that it uses the branding of another ransomware group across its infrastructure, claiming to be 'Group of REvil' on the ransom note and across its communication platforms.


REvil is one of the most infamous and most successful ransomware operations, claiming a string of high profile victims. The FBI recently attributed the ransomware attack against meat processor JBS to the group, which is believed to work out of Russia.

However, despite the use of REvil's name, there doesn't appear to be any link between the two operations – and it's likely that Prometheus is attempting to use the name of an established criminal operation in order to increase their chance of receiving a ransom payment.

"Since there is no solid connection other than the reference of the name, our running theory is that they are leveraging the REvil name to increase their chances of securing payment. If you search for REvil, the headlines are going to speak for themselves versus searching Prometheus ransomware where probably nothing major would've come up," Doel Santos, threat intelligence analyst at Unit 42, Palo Alto Networks, told ZDNet.


Prometheus ransomware uses the branding of REvil in an attempt to piggyback on the fame of one of the most infamous, and most successful, ransomware groups.

Researchers note the operation does have strong links to Thanos ransomware.

Thanos ransomware first emerged for sale on underground forums in the first half of 2020, but its behaviour and infrastructure are almost identical to those of Prometheus, which could suggest that Thanos and Prometheus are run by the same group of criminals.


While researchers haven't been able to identify the exact method by which Prometheus is delivered to victims, Thanos is known to be distributed by buying access to networks that have previously been compromised with malware, by brute-force attacks against commonly used passwords, and by phishing.

After compromising victims with ransomware, Prometheus tailors the ransom depending on the target, with demands ranging from $6,000 to $100,000 – a figure that's doubled if the victim doesn't pay within a week.

The ransom is demanded in Monero, rather than Bitcoin, a decision likely made because Monero transactions are more difficult to track than Bitcoin – so there's less chance of the group being detected or their assets seized by law enforcement operations.


It's believed that the group is still active and will continue as long as attacks remain profitable.

"As long as Prometheus keeps targeting vulnerable organizations, it will keep running campaigns," said Santos. "Going forward we would expect this group to keep adding victims to their leak site, and change their techniques as needed," he added.

Given how Prometheus and other ransomware groups often rely on breaching user accounts to embed themselves on networks, one thing which organisations can do to help protect against ransomware attacks is use multi-factor authentication.

Deploying this to all users provides an additional barrier to attacks, making it harder for cyber criminals to exploit stolen credentials as a starting point for ransomware campaigns.
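The two initial-access patterns the article mentions, brute force against weak passwords and abuse of stolen credentials, both leave a trail in authentication logs long before any encryption starts. The script below is an added example, not code from the ZDNet article or from Palo Alto Networks: it triages a constructed sample log for two signals, a successful login preceded by a burst of failures from the same source (brute force that worked) and a single source failing against many different accounts (password spraying), and then reports whether each affected account is enrolled in MFA. The log format, the thresholds, the IP addresses and the MFA directory are all assumptions made for the example.

```python
"""Triage of a constructed authentication log for brute-force and
password-spraying patterns, annotated with MFA enrolment.

Added example: not code from the ZDNet article or from Palo Alto Networks.
The log format, thresholds, addresses and MFA directory are assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format):
#   "<ISO-8601 UTC timestamp> <user> <source IP> <FAIL|SUCCESS>"
# 203.0.113.7 sprays several accounts and eventually logs in as alice;
# bob is brute-forced from 198.51.100.5; carol merely mistypes her password.
SAMPLE_LOG = """\
2021-06-10T01:00:01Z alice 203.0.113.7 FAIL
2021-06-10T01:00:02Z alice 203.0.113.7 FAIL
2021-06-10T01:00:03Z alice 203.0.113.7 FAIL
2021-06-10T01:00:04Z alice 203.0.113.7 FAIL
2021-06-10T01:00:05Z alice 203.0.113.7 FAIL
2021-06-10T01:00:09Z alice 203.0.113.7 SUCCESS
2021-06-10T01:01:10Z dave 203.0.113.7 FAIL
2021-06-10T01:01:11Z dave 203.0.113.7 FAIL
2021-06-10T01:01:12Z erin 203.0.113.7 FAIL
2021-06-10T01:02:00Z bob 198.51.100.5 FAIL
2021-06-10T01:02:01Z bob 198.51.100.5 FAIL
2021-06-10T01:02:02Z bob 198.51.100.5 FAIL
2021-06-10T01:02:03Z bob 198.51.100.5 FAIL
2021-06-10T01:02:04Z bob 198.51.100.5 FAIL
2021-06-10T01:02:30Z bob 198.51.100.5 SUCCESS
2021-06-10T02:30:00Z carol 192.0.2.44 FAIL
2021-06-10T02:30:05Z carol 192.0.2.44 SUCCESS
2021-06-10T08:00:00Z alice 192.0.2.10 SUCCESS
"""

# Assumed MFA enrolment directory; in practice this is an export from the IdP.
MFA_ENROLLED = {"bob", "carol"}


def parse_log(text):
    """Parse log lines into (timestamp, user, src, result) tuples, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, src, result))
    events.sort(key=lambda e: e[0])
    return events


def find_brute_forced_logins(events, threshold=5, window=timedelta(minutes=10)):
    """Return (user, src, fail_count) for each successful login that was preceded
    by at least `threshold` failures from the same source within `window`."""
    recent_fails = defaultdict(deque)  # (user, src) -> timestamps of recent FAILs
    hits = []
    for ts, user, src, result in events:
        q = recent_fails[(user, src)]
        while q and ts - q[0] > window:  # forget failures outside the window
            q.popleft()
        if result == "FAIL":
            q.append(ts)
        elif result == "SUCCESS":
            if len(q) >= threshold:
                hits.append((user, src, len(q)))
            q.clear()
    return hits


def spraying_sources(events, min_accounts=3):
    """Sources that failed against at least `min_accounts` distinct accounts: the
    low-and-slow pattern that per-account lockout thresholds do not catch."""
    failed_users = defaultdict(set)
    for _, user, src, result in events:
        if result == "FAIL":
            failed_users[src].add(user)
    return {src: len(u) for src, u in failed_users.items() if len(u) >= min_accounts}


def triage(log_text, mfa_enrolled=MFA_ENROLLED):
    """Run both detections and note, per suspicious login, whether MFA was
    in place to stand between a guessed password and a working session."""
    events = parse_log(log_text)
    suspicious = [
        {"user": user, "src": src, "fails": fails, "mfa": user in mfa_enrolled}
        for user, src, fails in find_brute_forced_logins(events)
    ]
    return {"suspicious_logins": suspicious, "spraying_sources": spraying_sources(events)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for item in report["suspicious_logins"]:
        print(item)
    print("spraying sources:", report["spraying_sources"])
```

On the sample data this flags alice (no MFA) and bob (MFA enrolled) as brute-forced logins and 203.0.113.7 as a spraying source; carol's two typos fall under the threshold. The MFA column is the point of the exercise: for alice the guessed password was enough, while for bob the attacker still had to get past a second factor, which is the "additional barrier" the paragraph above describes.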
