OldGremlin Ransomware Attacks Russian Networks
Category: Ransomware News | Industries: Insurance, Logistics, Manufacturing, Real Estate, Retail, Software Development | Level: Strategic | Source: Group-IB
Researchers from Group-IB observed the OldGremlin ransomware group, which targets Russian organizations, expanding its arsenal with a new Linux variant of its ransomware. Activity from the group has been slowly increasing since its emergence approximately two and a half years ago; in that time the group has conducted at least 16 malicious campaigns. The Russian-speaking threat group is known to demand large sums in ransom: "OldGremlin demanded the highest ransom from Russian organizations: in 2021 their largest ransom demand amounted to $4.2 million, while in 2022 it soared to $16.9 million." OldGremlin operators mainly use phishing for initial access, with lures built around trending news topics such as COVID-19, geopolitical news, and remote work. Known tools in the group's arsenal include PowerSploit, Cobalt Strike, a continually developed backdoor, and TinyFluff. The group's typical dwell time is 49 days before the ransomware is executed in the victim's environment. Verticals targeted by OldGremlin include insurance, logistics, manufacturing, real estate, retail, and software development. While the group has so far only gone after Russian companies, it is likely to expand its victim profile into other geographies.