
However, Singapore-based cybersecurity firm Group-IB claims that at least one of them is a Russian mining company. Furthermore, it appears that OldGremlin has again used a tactic it has relied on in the past to gain access to target systems: exploiting current events. According to Group-IB, the group reportedly sent emails purporting to come from a senior accountant of a Russian financial organization, warning the victims about the consequences of the sanctions imposed on the Russian Federation, in this case the possible blocking of Visa and MasterCard payment management systems.
Phishing is OldGremlin's preferred method of hacking into victim networks
In any case, once a network was compromised, OldGremlin could wait several months before taking action, and once the attack began, the group deployed TinyCrypt / TinyCryptor, a ransomware payload created by its own members.
Once again, the "unwritten law" that ransomware attacks must not be directed at targets on Russian territory is violated. Among other things, the quality of the phishing e-mails used by OldGremlin shows a remarkable knowledge of both the environment and the Russian language, as the researchers themselves point out.