"OldGremlin Ransomware Gang Targets Russia With New Malware"

A cybercriminal group called OldGremlin has returned after a hiatus of more than a year. The group is known for its highly skilled, carefully planned, and infrequent campaigns. OldGremlin differs from other ransomware operations in its small number of campaigns: the group has launched fewer than five since early 2021. It has used custom backdoors developed in-house to target businesses in Russia. Although OldGremlin is less active than other groups, it has demanded ransoms as high as $3 million.

The latest OldGremlin activity involves two phishing campaigns executed toward the end of March. It remains unclear how many companies were targeted, but researchers suspect that at least one Russian company in the mining sector fell victim. To gain initial access, the group reused a previously observed tactic of exploiting trending news topics. According to researchers at Group-IB, OldGremlin impersonated a senior accountant at a Russian financial organization, warning potential victims that recent sanctions imposed on Russia would discontinue operations of the Visa and Mastercard payment processing systems. The email leads the recipient to a malicious document hosted in Dropbox storage that downloads a backdoor called TinyFluff. The backdoor launches the Node.js interpreter and gives the attacker remote access to the victim's system. Once the backdoor is planted, OldGremlin performs reconnaissance; researchers found that the group can spend months inside a compromised network before delivering TinyCrypt/TinyCryptor, its custom ransomware payload.

This article continues to discuss the history and latest activity of the OldGremlin ransomware gang.

Bleeping Computer reports "OldGremlin Ransomware Gang Targets Russia With New Malware"
