
A ransomware campaign targeting corporate networks shows there’s a new threat actor on the hacking world stage, going by the name “OldGremlin”. They’re causing some severe damage to corporate networks around the world. The group’s malware campaign began back in March of this year (2020) and, for the moment, is centered in Russia. Of course, it would be all too easy for the group to expand its attacks to encompass more of the world.
The group uses custom-created backdoors to inject its ransomware, “TinyCrypt”, into corporate networks, and it doesn’t seem to be picky. It is targeting businesses ranging from Russian medical equipment manufacturers to banks and software development companies.
The attack on a corporate network begins with spear-phishing emails aimed at getting valid login credentials. These target high-ranking, named officials at the company in question. In at least one instance, someone sent an email claiming to be a journalist interested in interviewing the recipient for an article in a popular business newspaper.
Disguises like this pair social engineering techniques with current events, which makes the emails seem more believable. Once the attackers get an “in,” their first objective is to install a backdoor so they can return later. Typically this happens several weeks after the seemingly innocuous communication, to throw anyone who might be looking off the scent.
The files on the corporate network are then encrypted (the hackers have presumably already made copies of anything that was of interest to them), and the group later demands a ransom of $50,000.
Unfortunately, there’s no good defense against this kind of well-orchestrated attack, except vigilance. Be sure your staff is aware of the possibility. It’s just a matter of time before OldGremlin goes global.