MOSCOW, September 23. /TASS/. Group-IB, an international company specializing in preventing cyberattacks, has detected a successful attack by the OldGremlin criminal group on a Russian medical company and on a number of financial organizations, the Group-IB press service told TASS.
In August 2020, while investigating the incident, Group-IB Threat Intelligence specialists learned the details of a successful attack by the criminal group known as OldGremlin. The victim was a large medical company with a network of regional branches. The attack began with a phishing email purporting to come from the RBC media holding.
"As established by Group-IB, at the initial stage the attackers used a unique, self-written backdoor, TinyNode, which acts as a primary loader that allows them to download and run other malicious programs. With its help, the attackers gained remote access to the victim's infected computer, which served as a springboard for data collection and further advancement through the organization's network," Group-IB explained.
Several weeks after the attack began, the attackers deleted the organization's backups so that the data could not be recovered. Then, on a weekend day, they spread their TinyCryptor ransomware from the same server to hundreds of computers on the corporate network in just a few hours. As a result, the work of the company's regional divisions was paralyzed, and the attackers demanded $50,000 in cryptocurrency to decrypt the data.
According to Group-IB estimates, OldGremlin has conducted at least 9 malicious email campaigns since this spring.