A Russian-speaking ransomware group dubbed OldGremlin has been linked to 16 malicious campaigns aimed at entities operating in Russia over the course of two and a half years.
“The group’s victims include companies in sectors such as logistics, industry, insurance, retail, real estate, software development, and banking,” Group-IB said in an exhaustive report shared with The Hacker News. “In 2020, the group even targeted an arms manufacturer.”
In what’s a rarity in the ransomware landscape, OldGremlin (aka TinyScouts) is one of the very few financially motivated cybercrime gangs that primarily focus on Russian companies.
Other notable groups include Dharma, Crylock, and Thanos, contributing to an uptick of over 200% in ransomware attacks targeting businesses in the country in 2021.
OldGremlin first came to light in September 2020 when the Singapore-headquartered cybersecurity company disclosed nine campaigns orchestrated by the actor between May and August. The first attack was detected in early April 2020.
In all, the group is said to have conducted 10 phishing email campaigns in 2020, followed by one highly successful attack in 2021 and five more in 2022, with ransom demands touching a record $16.9 million and allowing the actor to net as much as $30 million in illicit revenues.