A new ransomware group called OldGremlin is targeting large organizations in Russia. It employs a custom-built backdoor called TinyNode, file-encrypting malware, and third-party tooling such as Cobalt Strike for reconnaissance and lateral movement. Most of the group's victims are in Russia, including a large medical company whose systems were held for a $50K ransom, according to security firm Group IB.
More from Group IB:
- Since this spring, OldGremlin has carried out at least seven phishing campaigns.
- To trick victims, the group has impersonated a Russian self-regulatory organization, a Russian metallurgical holding company, a Belarusian tractor plant, a Russian dental clinic, and a Russian media holding company.
- OldGremlin appears to have broken an unspoken rule among Russian hackers that Russian targets are off-limits.