Russian orgs heavily targeted by smaller tier ransomware gangs
2021-10-08 14:40

Even though American and European companies enjoy the lion's share of ransomware attacks launched from Russian ground, companies in the country aren't spared from having to deal with file encryption and double-extortion troubles of their own.

The actors who trouble Russian and CIS-based companies in general, though, aren't REvil, LockBit, DarkSide, or any of the more notorious groups that launch high-profile attacks on critical infrastructure targets.

The groups that make up this largely ignored subcategory of ransomware actors are typically less sophisticated, predominantly use older strains or leaked malware, and carry out the intrusion themselves instead of buying access to the targets.

It's a C/C++ malware that has contextual technical similarities to the Dharma strain, but no underlying relation.

The cases of opportunistic attacks using leaked ransomware strains concern mainly Fonix, which wrapped up its RaaS program in January this year.

Russian companies can prevent many of these threats by simply blocking RDP access, using strong passwords for domain accounts that are changed regularly, and accessing corporate networks through a VPN.


News URL

https://www.bleepingcomputer.com/news/security/russian-orgs-heavily-targeted-by-smaller-tier-ransomware-gangs/