Global news + Ransomware | 7 Defence | September 28, 2020


Since March, the cybercriminal group has plagued firms with ransomware delivered via spear-phishing emails that use COVID-19 lures.

A new cybercriminal group called OldGremlin has been targeting Russian companies – including banks, industrial enterprises and medical firms – with ransomware attacks.

OldGremlin relies on a group of tools, including custom backdoors called TinyPosh and TinyNode, to gain an initial foothold in the organization. It also uses tricky spear-phishing emails that utilize constantly evolving lures — from false coronavirus pandemic recommendations to fake requests for media interviews. And, the Russian-speaking cybercriminal group targets other Russian organizations, which researchers say is a big no-no within the Russian hacker community.

Researchers first discovered the group in August, when it targeted a large, unnamed medical company with a spear-phishing email purporting to be sent by the media holding company RBC. Instead, the email was an attack vector for OldGremlin to encrypt the company’s entire corporate network and demand a $50,000 ransom.

Such groups have used Russia as a testing ground and then switched to other geographies to distance themselves from the vicious actions of the victim country’s police and decrease their chances of ending up behind bars.

“According to Group-IB expert estimations, since the spring, OldGremlin has conducted at least seven phishing campaigns,” said researchers with Group-IB in a Wednesday post. “The hackers have impersonated the self-regulatory organization Mikrofinansirovaniye i Razvitiye (SRO MiR); a Russian metallurgical holding company; the Belarusian plant Minsk Tractor Works; a dental clinic; and the media holding company RBC.”

Timeline of OldGremlin’s ransomware attacks. Credit: Group-IB

Written by: 7 Defence
