Ransomware Groups

Caleb Boma | June 1st, 2021


Prometheus and Grief are the new ransomware groups in the threat landscape that claim to have ties to the REvil ransomware group. After publishing leaked data from the Mexican Government, the group is making a grand entrance as a ransomware threat.

Details of Prometheus and Grief Ransomware Groups

According to a Los Angeles security firm, the data was likely stolen from email accounts due to a business email compromise (BEC) and the compromise of network resources belonging to several Mexican government agencies. The Prometheus group has already published data from 27 different victims. Those include Ghana National Gas, Tulsa Cardiovascular Center of Excellence, Hotel Nyack, and enterprises in several other countries.

The logo on their leak site reads “Prometheus, Group of REvil” which may be true but could also be an attempt to associate their name with the prominent threat group in order to gain some attention.

In the beginning stages of their attacks, they leverage the secure data transfer tool deployed in the Tor network providing API, Sonar. What’s unusual about the Prometheus ransomware activity is it’s detected as Thanos ransomware on most antivirus engines.

Grief ransomware has stolen data from 5 organizations, 1 in Mexico. SpearTip’s engineers regularly scan dark web sites in order to confirm the legitimacy of the threat actors and threat groups, but also to conduct further investigation as to what data was stolen from victims. What the Grief ransomware operators have done with their dark websites is utilize anti-crawl protection so that indexing can’t be done automatically.

At the top of their site, they list a GDPR regulation in an effort to coerce a quicker payment, “The GDPR at Article 33 requires that, in the event of a personal data breach, data controllers should notify the appropriate supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it.”

A few recent victims are Mobile County, Alabama, and Comune di Porto Sant’Elpidio.

SpearTip’s engineers are actively responding to threats at every moment of the day. They’re even working as you’re reading this. This around-the-clock dedication to protecting partners is what makes our services hold so much value.

As new actors arise almost daily in the threat landscape, it’s vital to incorporate cybersecurity into your organization’s investments. Not only will you have a group of highly technical engineers continuously monitoring your networks, but you won’t ever have to worry about the constant threats looking to take your company’s hard-earned profit.

Our team will continuously monitor environments 24/7 in our US-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have direct communication with our engineers at any moment and a completely transparent view of your risk profile.

If you think your organization has been breached, call our Security Operations Center at 833.997.7327.


Connect With Us

Featured Articles

DNS Tunneling
DNS Tunneling: New Tactic To Scan Networks and Track Victims
10 June 2024
Mastermind Behind LockBit Ransomware
Mastermind Behind LockBit Ransomware Unveiled and Charged
07 June 2024
Unchecked User Privileges
Unchecked User Privileges: How to Counter
03 June 2024
Cloud Migration
Cloud Migration Impact on Network Security
28 May 2024

See ShadowSpear in Action

Identify, neutralize, and counter cyberattacks - provide confidence in your security posture

Stay Connected With SpearTip

Inside the SOC Newsletter

View our articles that cover trending topics in cybersecurity with insights from our 24/7/365 Security Operations Center.

ShadowSpear Platform

Cybersecurity actors are working around the clock, shouldn’t your security team be too? Technology solutions and security controls fail for a number of reasons, poor deployment, improper implementation, or just no one monitoring the alerts.

ShadowSpear Demo

Experience ShadowSpear for yourself. Our lightweight, integrated solution will help you sleep easier at night and provide immediate confidence in your security posture.