OldGremlin ransomware deploys new malware on Russian mining org

Although OldGremlin is less active than most ransomware groups, which may suggest its operators treat ransomware as a side business, it has demanded ransoms as high as $3 million from one of its victims.
Security researchers at Singapore-based cybersecurity company Group-IB say that this time OldGremlin impersonated a senior accountant at a Russian financial organization warning that the recent sanctions imposed on Russia would suspend the operations of the Visa and Mastercard payment processing systems.
OldGremlin can spend months inside the compromised network before deploying the final stage of the attack: delivering TinyCrypt/TinyCryptor, the group's custom ransomware payload. Just like with ransomware attacks from other gangs, the victim gets a ransom note that provides a contact to reach the threat actor for payment negotiations.
Although the group's number of campaigns is insignificant compared with other ransomware gangs, the researchers note that OldGremlin spends all year reaping the benefits of the few campaigns it launches.
By focusing only on Russian companies, OldGremlin breaks the unspoken rule among ransomware gangs of not attacking entities on Russian territory.
Group-IB's report on the recent OldGremlin campaigns, including technical analysis of the attacks and indicators of compromise, is available on the company's website.