At a glance.
- OldGremlin ransomware is an outlier.
- BlackByte's new exfiltration tool.
- Hijacking student accounts for Business Email Compromise.
- Zhora calls Russia's cyber campaigns a failure.
- CISA releases three ICS Advisories.
OldGremlin ransomware is an outlier.
A report by Group-IB indicates that OldGremlin ransomware remains an outlier. It's a rare Russophone gang that hits Russian targets along with other victims. BleepingComputer quotes Group-IB's Ivan Pisarev: "OldGremlin has debunked the myth that ransomware groups are indifferent to Russian companies. According to our data, the gang’s track record includes almost twenty attacks with multi-million ransom demands, with large companies becoming their preferred targets more often."
Active since March of 2020 and also known as TinyScout, OldGremlin has recently deployed a Linux variant of its ransomware. Why it's willing to hit the Russian targets other ransomware gangs normally exclude is unclear. It may have an arrangement with the Russian official organs, those organs may be losing their grip, or OldGremlin may simply be rolling the dice in the hope of big paydays. Or, and this is good to bear in mind, "Russian-speaking" doesn't necessarily mean "Russian." There's a Russian diaspora, after all, and there are plenty of non-Russians who speak the language.