OldGremlin ransomware deploys new malware on Russian mining org
Despite being less active, which may suggest that the ransomware business is closer to moonlighting, OldGremlin has demanded ransoms as high as $3 million from one of its victims.
Security researchers at Singapore-based cybersecurity company Group-IB say that this time OldGremlin impersonated a senior accountant at a Russian financial organization warning that the recent sanctions imposed on Russia would suspend the operations of the Visa and Mastercard payment processing systems.
OldGremlin can spend months inside the compromised network before deploying the final stage of the attack: delivering TinyCrypt/TinyCryptor, the group's custom ransomware payload. Just like with ransomware attacks from other gangs, the victim gets a ransom note that provides a contact to reach the threat actor for payment negotiations.
Although this number is insignificant in comparison with attacks from other ransomware gangs, the researchers note that OldGremlin spends all year reaping the benefits of the few campaigns they launch.
By focusing only on Russian companies, OldGremlin breaks the unspoken rule of not attacking entities in the Russian territories.
Group-IB's report on the recent OldGremlin campaigns, including a technical analysis of the attacks and indicators of compromise, is available on the company's website.