OldGremlin Ransomware Targeted Over a Dozen Russian Entities in Multi-Million Scheme
2022-10-20 16:31

A Russian-speaking ransomware group dubbed OldGremlin has been attributed to 16 malicious campaigns aimed at entities operating in the transcontinental Eurasian nation over the course of two and a half years.

In what's a rarity in the ransomware landscape, OldGremlin is one of the very few financially motivated cybercrime gangs that primarily focuses on Russian companies.

"The threat actors often pose as well-known companies, including the media group RBC, the legal assistance system Consultant Plus, the company 1C-Bitrix, the Russian Union of Industrialists and Entrepreneurs, and Minsk Tractor Works," Group-IB said.

One aspect that makes the crew stand out from other ransomware groups is that it doesn't rely on double extortion to coerce targeted companies into paying up, despite exfiltrating their data.

One other unusual application used by OldGremlin in its attacks is a .NET console app called TinyIsolator, which temporarily cuts off the host from the network by disabling network adapters prior to executing the ransomware.

Bash history files, changing user passwords to limit access to the compromised host, and disabling SSH.

"OldGremlin has debunked the myth that ransomware groups are indifferent to Russian companies," Ivan Pisarev, head of dynamic malware analysis team at Group-IB, said.

News URL

https://thehackernews.com/2022/10/oldgremlin-ransomware-targeted-over.html