OldGremlin, a new ransomware gang, is aiming at Russian targets, Group-IB says

Sep 23, 2020 | CYBERSCOOP

Medical labs, banks, manufacturers and software developers in Russia are the prime targets for a new ransomware gang that began operating with custom tools as early as March of this year, according to researchers at the security vendor Group-IB.


The attackers gain a foothold in victim networks with malware delivered through spearphishing emails, then encrypt files and demand a ransom of roughly $50,000, Group-IB says. The group, dubbed OldGremlin, has targeted only Russian companies so far.


It’s rare for a Russian-speaking ransomware group to aim at targets inside Russia, but there are precedents, according to Group-IB senior digital forensics analyst Oleg Skulkin, who named the hacking groups Silence and Cobalt as previous examples.


“What distinguishes OldGremlin from other Russian-speaking threat actors is their fearlessness to work in Russia,” Skulkin said. “This indicates that the attackers are either fine-tuning their techniques benefiting from home advantage before going global … or they are representatives of some of Russia’s neighbors who have a strong command of Russian.” Many of those former Soviet bloc neighbors have tense relationships with Moscow.


OldGremlin’s tools and tactics


The most recent successful attack identified by Group-IB, which has offices in Singapore and Moscow, was against a clinical diagnostics laboratory in August. The attackers faked an email from RBC, Russia’s biggest media holding company, with “Invoice” as the subject. The victim clicked a link that downloaded a ..
