Ransomware gang targets Russian businesses in rare coordinated attacks
Cybersecurity researchers at Group-IB have reportedly identified a new cybercrime group targeting Russian entities with a new strain of ransomware named TinyCryptor. The group has been named OldGremlin and has so far targeted only Russian businesses. Group-IB researchers stated that this case is unusual because Russian-speaking gangs often don't operate within Russia and post-Soviet countries.
The group often uses spear-phishing emails carrying malware-laced ZIP files to gain a foothold in the victim's network, infecting the organization with a backdoor trojan called TinyNode. The attackers then move laterally to more systems within the same network, collecting and encrypting information. OldGremlin deploys the ransomware as the final stage in its attack sequence. Once the network is encrypted, OldGremlin typically demands roughly $50,000 in payments via messages left on infected systems. The group's attacks began in March, according to researchers.