Prometheus and Grief – A new addition to the ransomware scene


The Prometheus group has put up data for 27 victims for sale, including information from government agencies in Mexico

Cybersecurity researchers from the information security company Resecurity (based out of Los Angeles) have discovered two new ransomware groups: Prometheus and Grief.

Prometheus members are targeting businesses from various industries around the world. 

The group has put up for sale stolen data, allegedly belonging to the Mexican government. 

The data was allegedly stolen in a business email compromise (BEC) attack and compromise of network resources belonging to several Mexican government agencies.


As reported by Security Affairs, Prometheus has released data on 27 victims to date, and this appears to be just the beginning of their “career.” 

The list of victims of the ransomware includes the gas company Ghana National Gas, the Tulsa Center of Excellence in Cardiovascular System (Oklahoma, USA), the Nyack Hotel (New York, USA), as well as enterprises in France, Norway, Switzerland, the Netherlands, Brazil, Malaysia and the UAE.

It is worth noting that the group mentions REvil on its logo, indicating a connection with this ransomware group. However, representatives of the REvil group have not confirmed a direct relationship with the new cybercriminal threat. Prometheus is likely an independent partner of REvil.


Some of the malware samples associated with Prometheus have been detected by popular antivirus engines as Thanos (also known as Hakbit) ransomware, experts stated. 

Thanos was developed by the Nosophoros group, which put the malware up for sale in underground communities.

Grief is a lesser-known ransomware group. According to the criminals, they stole data from 5 organizations, including one in Mexico. 

The Grief website on Tor (dark web) has crawl protection that prevents cybersecurity researchers from automatically indexing the content.

The page also contains a link to the General Data Protection Regulation (GDPR): “The GDPR in Section 33 requires that in the event of a personal data leak, data controllers must notify the appropriate supervisory authority without delay and, if possible, no later than 72 hours after the leak has been detected.”

Presumably, hackers are trying to motivate victims to pay them earlier and thus prevent possible problems with European regulators, which is one of the extortion tactics. 

The GDPR allows the EU data protection authorities to impose fines of up to $24.1 million, or 4% of annual global turnover, which is certainly a higher price than the possible ransom payment.
