The Prometheus Ransomware is a malware threat that can lock users out of their own data completely. The threat runs a powerful encryption routine that locks the files stored on the breached device with a strong cryptographic algorithm (AES, according to the ransom note) that cannot be broken without the key. The threat is also capable of exfiltrating data to a private server under the control of the hackers. The collected information is then used to further blackmail the victims into paying the demanded ransom.
Unlike most ransomware threats, the Prometheus Ransomware doesn't append a fixed extension to mark the files it encrypts. Instead, the threat appends a unique ID assigned to the victim as a new file extension. When it finishes encrypting the user's files, Prometheus delivers its ransom note both as a pop-up window and as text files named 'RESTORE_FILES_INFO.txt'. The instructions in both places are identical.
According to the note, victims can either pay the demanded ransom and receive a decryption key and tool from the cybercriminals, or risk having their private data released to the public or sold to a competitor. The hackers also offer to decrypt up to 3 files for free. The intended communication channel is a dedicated web portal accessible only through the TOR browser. The website contains a couple of important details. It reveals that the initial size of the ransom is $100,000, payable in the Monero (XMR) cryptocurrency, but after a set period has elapsed the amount will be doubled to $200,000. Furthermore, the site sets several rules for the files intended to be unlocked for free: they must be packaged in a ZIP archive and must not exceed 2MB in size.
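The two on-disk artefacts described above (the 'RESTORE_FILES_INFO.txt' note and a uniform, non-standard extension appended after each file's original extension) give an incident responder something concrete to triage for. The following script is an added example, not code from the original page: it walks a directory tree and flags a tree when the note is present or when a majority of files share one unfamiliar appended extension. The victim ID 'A1B2C3D4' used in the constructed sample is a placeholder, not a real Prometheus value.

```python
import tempfile
from collections import Counter
from pathlib import Path

NOTE_NAME = "RESTORE_FILES_INFO.txt"  # ransom-note file name from the page
# Extensions treated as ordinary file types (short list, extend as needed)
COMMON_EXTS = {"txt", "docx", "xlsx", "pdf", "jpg", "png", "zip", "exe", "dll", "log"}


def assess(root, min_share=0.5, min_files=3):
    """Triage a tree for the note and for an appended victim-ID extension."""
    note_present, total, appended = False, 0, Counter()
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.name == NOTE_NAME:
            note_present = True
            continue
        total += 1
        suffixes = [s.lstrip(".") for s in path.suffixes]
        # "report.docx.<ID>": known inner extension, unknown trailing one
        if (len(suffixes) >= 2 and suffixes[-2].lower() in COMMON_EXTS
                and suffixes[-1].lower() not in COMMON_EXTS):
            appended[suffixes[-1]] += 1
    ext, count = appended.most_common(1)[0] if appended else (None, 0)
    dominant = bool(total) and count >= min_files and count / total >= min_share
    return {
        "note_present": note_present,
        "appended_ext": ext if dominant else None,
        "encrypted_count": count if dominant else 0,
        "suspicious": bool(note_present or dominant),
    }


def build_sample(root):
    """Constructed sample tree: three 'encrypted' files, one clean file, the note."""
    root = Path(root)
    for name in ("budget.xlsx.A1B2C3D4", "report.docx.A1B2C3D4",
                 "scan.pdf.A1B2C3D4", "readme.txt"):
        (root / name).write_text("sample")
    (root / NOTE_NAME).write_text("YOUR COMPANY NETWORK HAS BEEN HACKED")
    return root


def demo():
    """Run the triage over a constructed infected tree and a clean one."""
    with tempfile.TemporaryDirectory() as bad, tempfile.TemporaryDirectory() as good:
        build_sample(bad)
        Path(good, "readme.txt").write_text("sample")
        return assess(bad), assess(good)


if __name__ == "__main__":
    hit, miss = demo()
    print("infected:", hit)
    print("clean:", miss)
```

Because the appended extension is per victim, the heuristic keys on uniformity across many files rather than on a fixed string, which is why a single oddly named file does not trigger it.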
The full text of the ransom note delivered by the Prometheus Ransomware is:
'YOUR COMPANY NETWORK HAS BEEN HACKED
All your important files have been encrypted!
Your files are safe! Only modified.(AES)
No software available on internet can help you.
We are the only ones able to decrypt your files.
We also gathered highly confidential/personal data.
These data are currently stored on a private server.Files are also encrypted and stored securely.
As a result of working with us, you will receive:
Fully automatic decryptor, all your data will be recovered within a few hours after it's installation.
Server with your data will be immediately destroyed after your payment.
Save time and continue working.
You will can send us 2-3 non-important files and we will decrypt it for free to prove we are able to give your files back.
If you decide not to work with us:
All data on your computers will remain encrypted forever.
YOUR DATA ON OUR SERVER AND WE WILL RELEASE YOUR DATA TO PUBLIC OR RE-SELLER!
So you can expect your data to be publicly available in the near future..
The price will increase over time.
It doesn't matter to us what you choose pay us or we will sell your data.
We only seek money and our goal is not to damage your reputation or prevent your business from running.
Write to us now and we will provide the best prices.
Instructions for contacting us:
You have way:
1) Using a TOR browser!
a. Download and install TOR browser from this site: hxxps://torproject.org/
b. Open the Tor browser. Copy the link: hxxp://promethw27cbrcot.onion/ticket.php?track=LZG-ZNM-YDNM and paste it in the Tor browser.
c. Start a chat and follow the further instructions.
Any attempt to restore your files with third-party software will corrupt it.
Modify or rename files will result in a loose of data.
If you decide to try anyway, make copies before that'