OldGremlin hackers use Linux ransomware to attack Russian orgs (Security News, October 2022)

OldGremlin, one of the few ransomware groups attacking Russian corporate networks, has expanded its toolkit with file-encrypting malware for Linux machines.
Group-IB researchers have been tracking OldGremlin and their tactics, techniques, and procedures since the first attacks attributed to the group in March 2020.
During an incident response engagement this year, Group-IB found that OldGremlin targeted a Linux machine with a Go variant of the TinyCrypt ransomware the gang uses to encrypt Windows machines.
The toolkit strongly suggests that OldGremlin is a highly skilled actor carefully preparing attacks to leave its victims with no other choice but to pay the ransom.
Although most ransomware gangs avoid targets in Russia and the countries in the Commonwealth of Independent States region, Russian companies are still targeted for file-encrypting attacks.
"OldGremlin has debunked the myth that ransomware groups are indifferent to Russian companies. According to our data, the gang's track record includes almost twenty attacks with multi-million ransom demands, with large companies becoming their preferred targets more often" - Ivan Pisarev, Head of Dynamic Malware Analysis Team at Group-IB.
Several groups do not follow this rule, which Russian cybercriminals otherwise observe to the letter; among them, Dharma, Crylock, and Thanos were some of the most active in 2021.