Russian-speaking hackers attacked Russian companies & demanded ransom
Group-IB recorded a successful attack by the criminal group OldGremlin on a Russian medical company. The attackers completely encrypted its corporate network and demanded a ransom of $50,000.
Russian-speaking hackers from the OldGremlin group attacked several Russian companies, despite the ban: among cybercriminals, there is an unspoken rule “do not work on RU”.
According to experts, since the spring of 2020, hackers from OldGremlin have conducted at least nine attacks on Russian companies. It is noted that they send malicious emails allegedly on behalf of the Russian media holding RBC, the Russian metallurgical holding, the Minsk Tractor Plant, the Union of microfinance organizations and other individuals and enterprises. Under various pretexts, attackers are asked to click on the link and download the file. After trying to open it on the victim’s computer, the backdoor malware TinyPosh runs.
This time a large Russian medical company became the victim of the criminals. After gaining access to the computer of one of the employees, they deleted the organization’s backups, and also spread the TinyCrypton ransomware virus on the computers of the employees. As a result of their actions, the work of regional branches of the medical company was stopped. Then the hackers demanded a ransom: they wanted to get 50 thousand dollars in cryptocurrency for restoring access.
“The lack of a strong communication channel between organizations that resist cybercrime, as well as the difficult political situation, lead to the emergence of new criminal groups that feel safe,” said Rustam Mirkasymov, head of the dynamic analysis of malicious code at Group-IB. The expert also stressed that businesses often underestimate the threats posed by cybercriminals, and do not use the necessary means of protection.