Security News > 2020 > September > A New Hacking Group Hitting Russian Companies With Ransomware

As ransomware attacks against critical infrastructure continue to spike in recent months, cybersecurity researchers have uncovered a new entrant that has been actively trying to conduct multistage attacks on large corporate networks of medical labs, banks, manufacturers, and software developers in Russia.

The ransomware gang, codenamed "OldGremlin" and believed to be a Russian-speaking threat actor, has been linked to a series of campaigns at least since March, including a successful attack against a clinical diagnostics laboratory that occurred last month on August 11.

"The group has targeted only Russian companies so far, which was typical for many Russian-speaking adversaries, such as Silence and Cobalt, at the beginning of their criminal path," Singaporean cybersecurity firm Group-IB said in a report published today and shared with The Hacker News.

OldGremlin's modus operandi involves using custom backdoors - such as TinyNode and TinyPosh to download additional payloads - with the ultimate goal of encrypting files in the infected system using TinyCryptor ransomware and holding it hostage for about $50,000.

In a different variant of the attack observed in March and April, the cybercriminals were found using COVID-themed phishing lures to financial enterprises that masqueraded as a Russian microfinance organization to deliver the TinyPosh Trojan.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/hDUxRNVE5zA/russian-ransomware-hack.html