Medical labs, banks, manufacturers and software developers in Russia are the prime targets for a new ransomware gang that began operating with custom tools as early as March of this year, according to researchers at the security vendor Group-IB.
The attackers insert their hacking tools into networks via malware downloaded through spearphishing emails, then encrypt files and hold them ransom for about $50,000, Group-IB says. The group, dubbed OldGremlin, has only targeted Russian companies so far, Group-IB says.
It’s rare for a Russian-speaking ransomware group to aim at targets inside Russia, but there are precedents, according to Group-IB senior digital forensics analyst Oleg Skulkin, who identified the hacking groups Silence and Cobalt as previous perpetrators.
“What distinguishes OldGremlin from other Russian-speaking threat actors is their fearlessness to work in Russia,” Skulkin said. “This indicates that the attackers are either fine-tuning their techniques benefiting from home advantage before going global … or they are representatives of some of Russia’s neighbors who have a strong command of Russian.” Many of those former Soviet bloc neighbors have tense relationships with Moscow.
OldGremlin’s tools and tactics
The most recent successful attack identified by Group-IB, which has offices in Singapore and Moscow, was against a clinical diagnostics laboratory in August. The attackers faked an email from RBC, Russia’s biggest media holding company, with “Invoice” as the subject. The victim clicked a link that downloaded a ..