Prometheus and Grief are the new ransomware groups in the threat landscape that claim to have ties to the REvil ransomware group. After publishing leaked data from the Mexican Government, the group is making a grand entrance as a ransomware threat.
According to a Los Angeles security firm, the data was likely stolen from email accounts due to a business email compromise (BEC) and the compromise of network resources belonging to several Mexican government agencies. The Prometheus group has already published data from 27 different victims. Those include Ghana National Gas, Tulsa Cardiovascular Center of Excellence, Hotel Nyack, and enterprises in several other countries.
The logo on their leak site reads “Prometheus, Group of REvil” which may be true but could also be an attempt to associate their name with the prominent threat group in order to gain some attention.
In the beginning stages of their attacks, they leverage Sonar, a secure data transfer tool deployed in the Tor network that provides an API. What’s unusual about the Prometheus ransomware activity is that it’s detected as Thanos ransomware on most antivirus engines.
Grief ransomware has stolen data from 5 organizations, 1 in Mexico. SpearTip’s engineers regularly scan dark web sites not only to confirm the legitimacy of threat actors and threat groups, but also to investigate further what data was stolen from victims. The Grief ransomware operators have added anti-crawl protection to their dark web sites so that they can’t be indexed automatically.
At the top of their site, they cite a GDPR regulation in an effort to coerce a quicker payment: “The GDPR at Article 33 requires that, in the event of a personal data breach, data controllers should notify the appropriate supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it.”
A few recent victims are Mobile County, Alabama, and Comune di Porto Sant’Elpidio.
SpearTip’s engineers are actively responding to threats at every moment of the day. They’re even working as you’re reading this. This around-the-clock dedication to protecting partners is what makes our services hold so much value.
As new actors arise almost daily in the threat landscape, it’s vital to incorporate cybersecurity into your organization’s investments. Not only will you have a group of highly technical engineers continuously monitoring your networks, but you won’t ever have to worry about the constant threats looking to take your company’s hard-earned profit.
Our team will continuously monitor environments 24/7 in our US-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have direct communication with our engineers at any moment and a completely transparent view of your risk profile.
If you think your organization has been breached, call our Security Operations Center at 833.997.7327.
©2024 SpearTip, LLC. All rights reserved.