There’s a new threat actor on the hacking world stage, going by the name “OldGremlin”, and they’re causing some serious damage to corporate networks around the world. The group’s malware campaign seems to have begun back in March of this year (2020) and for the moment, at least, is centered in Russia. Of course, it would be all too easy for the company to expand their attacks to encompass more of the world.
The group is using custom-created backdoors to inject their ransomware, “TinyCrypt” into corporate networks, and they don’t seem to be picky. They’re targeting business ranging from Russian medical equipment manufacturers, to banks and software development companies.
Their attacks begin as so many do, with spear phishing emails aimed at getting valid login credentials. These will target high ranking, named officials at the company in question. In at least one instance, the email was sent by someone claiming to be a journalist interested in interviewing the recipient for an article in a popular business newspaper.
However they’re disguised, the purpose is to utilize social engineering techniques, paired with current events to make them seem more believable. Once they get an “in,” their first objective is to install a backdoor so they can return later. This typically happens a number of weeks after the seemingly innocuous communication to throw anyone who might be looking off the scent.
In time, the trap is sprung, and the files on the network are encrypted (after the hackers have presumably made copies of anything that was of interest to them). After all that, a hefty ransom, in the neighborhood of $50,000 USD is demanded.
Unfortunately, there’s no good defense against this kind of well-orchestrated attack, except vigilance. Be sure your staff is aware of the possibility. It’s just a matter of time before OldGremlin goes global.