OldGremlin ransomware gang targets Russia with new malware
2022-04-14 08:55

Despite being less active, which may suggest that the ransomware business is closer to moonlighting, OldGremlin has demanded ransoms as high as $3 million from one of its victims.

Security researchers at Singapore-based cybersecurity company Group-IB say that this time OldGremlin impersonated a senior accountant at a Russian financial organization warning that the recent sanctions imposed on Russia would suspend the operations of the Visa and Mastercard payment processing systems.

OldGremlin can spend months inside the compromised network before deploying the final stage of the attack: delivering TinyCrypt/TinyCryptor, the group's custom ransomware payload. Just like with ransomware attacks from other gangs, the victim gets a ransom note that provides a contact to reach the threat actor for payment negotiations.

Group-IB told BleepingComputer that OldGremlin encrypted at least three companies since the researchers started tracking the gang in 2020.

Although this number is insignificant in comparison with attacks from other ransomware gangs, the researchers note that OldGremlin spends all year reaping the benefits of the few campaigns they launch.

Group-IB's report on the recent OldGremlin campaigns, including technical analysis of the attacks and indicators of compromise, is available on the company's website.


News URL

https://www.bleepingcomputer.com/news/security/oldgremlin-ransomware-gang-targets-russia-with-new-malware/