Security News > 2022 > October > OldGremlin hackers use Linux ransomware to attack Russian orgs
OldGremlin, one of the few ransomware groups attacking Russian corporate networks, has expanded its toolkit with file-encrypting malware for Linux machines.
Group-IB researchers have been tracking OldGremlin and their tactics, techniques, and procedures since the first attacks attributed to the group in March 2020.
During an incident response engagement this year, Group-IB found that OldGremlin targeted a Linux machine with a Go variant of the TinyCrypt ransomware the gang uses to encrypt Windows machines.
The toolkit strongly suggests that OldGremlin is a highly skilled actor carefully preparing attacks to leave its victims with no other choice but to pay the ransom.
Although most ransomware gangs avoid targets in Russia and the countries in the Commonwealth of Independent States region, Russian companies are still targeted for file-encrypting attacks.
"OldGremlin has debunked the myth that ransomware groups are indifferent to Russian companies. According to our data, the gang's track record includes almost twenty attacks with multi-million ransom demands, with large companies becoming their preferred targets more often" - Ivan Pisarev, Head of Dynamic Malware Analysis Team at Group-IB. Several groups do not align with this rule, which is followed by the letter by Russian cybercriminals, Dharma, Crylock, and Thanos being some of the most active in 2021.
News URL
Related news
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Ransomware attack forces UMC Health System to divert some patients (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- 100+ domains seized to stymie Russian Star Blizzard hackers (source)
- Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)