OldGremlin Ransomware Targeted Over a Dozen Russian Entities in Multi-Million Scheme
A Russian-speaking ransomware group dubbed OldGremlin has been attributed to 16 malicious campaigns aimed at entities operating in the transcontinental Eurasian nation over the course of two and a half years.
In what's a rarity in the ransomware landscape, OldGremlin is one of the very few financially motivated cybercrime gangs that primarily focuses on Russian companies.
"The threat actors often pose as well-known companies, including the media group RBC, the legal assistance system Consultant Plus, the company 1C-Bitrix, the Russian Union of Industrialists and Entrepreneurs, and Minsk Tractor Works," Group-IB said.
One of the aspects that makes the crew stand out from other ransomware groups is that it doesn't rely on double extortion to coerce targeted companies into paying up, despite exfiltrating their data.
Another unusual application used by OldGremlin in its attacks is a .NET console app called TinyIsolator, which temporarily cuts off the host from the network by disabling network adaptors prior to executing the ransomware.
Bash history files, changing user passwords to limit access to the compromised host, and disabling SSH.
"OldGremlin has debunked the myth that ransomware groups are indifferent to Russian companies," Ivan Pisarev, head of the dynamic malware analysis team at Group-IB, said.
News URL
https://thehackernews.com/2022/10/oldgremlin-ransomware-targeted-over.html
Related news
- Russian suspected Phobos ransomware admin extradited to US over $16M extortion
- Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested
- UK disrupts Russian money laundering networks used by ransomware
- US charges Russian-Israeli as suspected LockBit ransomware coder