Group-IB, a cybersecurity company, has warned of a new wave of attacks against Russian companies by the Russian-speaking ransomware group OldGremlin.
According to experts, until recently, Russian-speaking criminal extortion groups had one unspoken rule – do not touch Russian companies. However, OldGremlin was one of the rare exceptions.
At the end of March, Group-IB discovered two new attacks on Russian companies, on March 22 and 25. In the first mailing, dated March 22, the extortionists played on the topic of sanctions and the “complete withdrawal” of the Visa and Mastercard payment systems: the letter was written on behalf of a senior accountant of a Russian financial institution. To apply for a new bank card, “everyone urgently” had to study the instructions and fill out a questionnaire. In fact, the emails contained links to a malicious document hosted on Dropbox. Three days later, on March 25, OldGremlin sent out another mailing.
Group-IB experts suggest that the new mailings could infect a large number of companies, and that in the coming months the attackers will move “slowly and carefully” through those companies' infrastructure, bypassing protection systems.