OldGremlin ransomware deploys new malware on Russian mining org

Despite being less active, which may suggest that the ransomware business is closer to moonlighting, OldGremlin has demanded ransoms as high as $3 million from one of its victims.
Security researchers at Singapore-based cybersecurity company Group-IB say that this time OldGremlin impersonated a senior accountant at a Russian financial organization, warning that the recent sanctions imposed on Russia would suspend the operations of the Visa and Mastercard payment processing systems.
OldGremlin can spend months inside the compromised network before deploying the final stage of the attack: delivering TinyCrypt/TinyCryptor, the group's custom ransomware payload. Just like with ransomware attacks from other gangs, the victim gets a ransom note that provides a contact to reach the threat actor for payment negotiations.
Although this number is insignificant in comparison with attacks from other ransomware gangs, the researchers note that OldGremlin spends all year reaping the benefits of the few campaigns they launch.
By focusing only on Russian companies, OldGremlin breaks the unspoken rule of not attacking entities in the Russian territories.
Group-IB's report on the recent OldGremlin campaigns, including technical analysis of the attacks and indicators of compromise, is available on the company's website.