A new Russian-speaking ransomware gang has planned campaigns against critical infrastructure in Russia.
Why this matters
- OldGremlin came to the spotlight after its attack on a medical company. The trojan survived only 20 seconds before Windows Defender removed it, but in those 20 seconds it had already established persistence on the system.
- A few weeks later, the group deleted all of the organization's backups and demanded $50,000 in cryptocurrency.
- The well-crafted spear-phishing emails use current news as a lure.
The bottom line
OldGremlin began its activities between late March and early April, relying mainly on COVID-19 lures. The group has been observed conducting multi-stage targeted attacks on Russian organizations using sophisticated TTPs more commonly seen among APT groups.