A new ransomware called OldGremlin has targeted several Russian companies, including a bank, industrial enterprises and medical firms. The ransomware originates from a Russian hacker group that has been carrying out targeted attacks on banks, medical labs, manufacturers and software developers since March this year.
What is OldGremlin?
OldGremlin relies on two custom backdoors, TinyPost and TinyNode, whose main purpose is to gain an initial foothold within the targeted organisation.
OldGremlin also makes use of carefully crafted spear-phishing emails, which are a dangerous method of spreading ransomware nowadays. The coronavirus pandemic is a popular and effective lure topic for spear-phishing, and some of the victims are still unaware that they have been attacked.
The Trick Used by OldGremlin
The trick used by OldGremlin works roughly as follows:
- First, the attacker sends a fake email that appears to come from RBC (Russia's biggest media holding company).
- Victims with little security awareness click the link, which downloads a .zip archive containing a malicious file.
- Once the victim opens the malicious file, the backdoor automatically installs additional malware such as Cobalt Strike (a tool used to obtain the domain administrator's authentication data).
- The attacker deletes all server backups before encrypting the victim's machines, network and data with the TinyCryptor ransomware.
- Lastly, the attacker demands a certain amount of money from the victim, to be paid in cryptocurrency.
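The lure in the first two steps combines a display name that claims to be RBC with a sender domain that is not RBC's and a link to an archive download. The following added example (not code from the article or from Group-IB) is a small mail-triage check for that pattern; the legitimate sender domain in `LEGIT_SENDER_DOMAINS` and the sample messages are constructed placeholders, not real OldGremlin artefacts.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Placeholder mapping: impersonated brand -> domains allowed to send mail for it.
# The domain below is an assumption for the example; substitute verified ones.
LEGIT_SENDER_DOMAINS = {"rbc": {"rbc.example"}}

ARCHIVE_EXT = (".zip", ".rar", ".7z")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def sender_domain(from_header):
    """Return (display_name, domain) parsed from a From: header value."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name, domain


def triage(from_header, body):
    """Flag the lure pattern: a brand named in the display name but mailed
    from an unrelated domain, plus any link that downloads an archive."""
    findings = []
    name, domain = sender_domain(from_header)
    for brand, domains in LEGIT_SENDER_DOMAINS.items():
        if brand in name.lower() and domain not in domains:
            findings.append(
                f"display name claims {brand.upper()} but sender domain is "
                f"{domain or 'missing'}"
            )
    for url in URL_RE.findall(body):
        if urlparse(url).path.lower().endswith(ARCHIVE_EXT):
            findings.append(f"link to archive download: {url}")
    return findings


# Constructed sample messages for the demonstration.
SAMPLE_LURE = (
    '"RBC Press Office" <news@mail-rbc-news.example>',
    "Please see the updated interview schedule: https://files.example/schedule.zip",
)
SAMPLE_BENIGN = (
    '"RBC Press Office" <press@rbc.example>',
    "Agenda attached as PDF: https://rbc.example/agenda.pdf",
)

if __name__ == "__main__":
    for hdr, body in (SAMPLE_LURE, SAMPLE_BENIGN):
        print(hdr, "->", triage(hdr, body) or ["no findings"])
```

The lure sample produces two findings (mismatched sender domain and an archive link), while the benign sample produces none.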
Oleg Skulkin, Senior Digital Forensics Analyst at Group-IB, said:
"The lack of a strong channel of communication between organisations that counter cybercrime and the context of political instability has led to the emergence of new criminal groups who think that they can get away with their crimes."
He continued:
"Another factor that helps cybercriminals make money on ransoms is businesses underestimating threats and the lack of security controls that identify and block ransomware in time."