Ransomware attacks are on a global increase. It is a particularly nasty computer malware that encrypts your important files and renders them inaccessible unless you pay a ransom to the hacker for the key to decrypt the files. It attacks the master boot record and blocks victims from accessing their operating system. The malware typically spreads through email attachments, drive-by downloads or social engineering, such as phishing on the web. The encryption uses bit keys, rendering it almost impossible to break without a key. The key then uses brute force methods or some strain of asymmetric cryptanalytic attack. Meanwhile, the hackers demand a fee, ranging from $300 to $10,000 or more in exchange for the decryption key.
It is rapidly becoming a dominant cyber hiccup that internet users cannot escape and will only continue to grow as these schemes are exceptionally profitable for cybercriminals in matters of money. On the contrary, past year statistics revealed an alarming state of businesses and individuals who suffered close to $75 billion in losses. These vulnerabilities are estimated to expand to $6 trillion per year in 2021.
The threat has grown to such a large extent. The FBI recently published reports and press releases warning businesses about ransomware threats and cybercriminals. In addition, government agencies are also guarding against these attacks proving the importance of combating this crime. In addition, there have been many cases where hospitals have had to pay thousands of dollars in bitcoin to regain access to their computers.
In February 2021, a new evil piece of software called ‘Prometheus’ hit the headlines. This malware made its way upon humankind silently, through inconspicuous drive-by exploits that affected an astounding number of websites in a short period. Sounds like a mythical creature that comes to steal your data, but unfortunately, it’s not. Equally unfortunate is the fact that it manages to steal data not once but twice without you noticing. It also deletes all Shadow Backup files from your computer. It is fundamentally based on the open-source project RaaS (Ransomware as a Service). Cybercriminals purchase the device on the underground market, load it with the configuration file and use it for their crime.
So far, Prometheus has infected its way into 30 organisations, all fitting to different categories and industries. These include financial institutions, manufacturing, law firms and governments of North America and several other countries in Asia, Europe and the Middle East. Other sectors that have been jolted are logistics, consulting, agriculture, healthcare services, insurance agencies, energy, etc.
The swindlers behind Prometheus claim its victims as “customers” and threaten them with ransom notes or “timed tickets”. If the victims(enterprises/individuals) fail to comply with their extortion tactics of paying hefty amounts, their data then becomes available for auction. If the payment deadline exceeds, the only way out is when enterprises can swiftly claim a new ticket to cease the auction and retrieve the data.
The gang that boasts about its success stated itself as a part of another ransomware gang REvil (one of the most prolific ransomware hacking groups, specialized in software exploits and malware attacks). However, published research by Unit 42 of Palo Alto Networks discarded the claim as there was no relation found between the two.
Prometheus masterminds took the game up a notch by demanding ransom in Monero, instead of Bitcoin. This decision has likely been made in the effect of Monero being the most secure, private, and untraceable cryptocurrency. It accomplishes this through its ring signature, stealth address, and confidential transactions features. This diminishes even the tiniest possibility of their identity being revealed to law enforcement agencies.
This new breed of ransomware that’s appearing in the wild is sure to strike fear into most Internet users’ hearts, especially if they use Windows systems. This new type of ransomware isn’t targeting humans alone though. It aims itself directly at internet-connected devices. Earlier, Zeus, CryptoLocker, swayed the world and now Prometheus. The ransomware family is growing exponentially and this recent incarnation is the latest scourge in the world of ransomware. In regard to the gang’s existence, it is assumed that they are active and will operate for a longer time. It is also expected that more enterprises will continue to be victims to their data auctions and altered techniques bringing more pay-offs their way.