Welcome to the

Bit Guardian Blog

News

New custom malware attack from the Russian hackers

Avoid malware and trackers

Malware is the tool that a new ransomware group – OldGremlin, uses in its ransomware attacks. They target mainly large corporate networks and use self-made backdoors and file-encrypting malware.

Malware from Russia, against Russian companies?

Strangely, the group that has been active since March, targets mainly Russian companies.

The new group seems to be very inventive. For instance, one member managed to trick a bank employee that he was a real journalist and also scheduled an interview. But, just before the interview, the group tricked the clerk to open a link that should have contained the interview questions. Instead, it delivered a Trojan.

In fact, for the first and last phase of the attacks, the group uses self-made backdoors and also file-encrypting malware. The group then come with its own ransomware – “TinyCryptor” and own backdoors – “TinyPosh” and “TinyNode”.

Then they use the Cobalt Strike penetration testing software, after they manage to make their way to the network.

This is how it started

The first malware attack that ended successfully happened in August and targeted a medical company.

The hackers sent an email to an employee, with the title “Bill due”. He clicked on a link inside the message and downloaded an attached ZIP archive.

Windows Defender detected and deleted the malware, but only after 20 seconds. This time was enough for the Trojan to affect the system. Three weeks after, all the employees were greeted with the message: “Your files have been enctrypted.”

According to the Group-IB, in order to decrypt the files, the OldGremlin group asked for a ransomware of $50,000 dollars worth of cryptocurrency.
Oleg Skulkin, from Group-IB, mentioned that the group violates “the unspoken rule about not working within Russia and post-Soviet countries.”

So, Skulkin believes that the group can be classed as part of the Big Game Hunting, that “brings together ransomware operators targeting large corporate networks.”

Related posts
News

Twitter is in for the early vote in the coming U.S. elections

News

Windows apps are better thanks to Chromium support

News

YouTube bans all the fake Covid-19 vaccine videos

News

Remote working: NATO warns about the vulnerabilities

Leave a Reply

Your email address will not be published. Required fields are marked *