There's a new threat actor on the hacking world stage

They're going by the name "OldGremlin", and they're causing some serious damage to business networks around the world. The group's malware campaign seems to have begun back in March of this year and for the moment, at least, is centered in Russia. Of course, it would be all too easy for the company to expand its attacks to encompass more of the world.

What is it that OldGremlin is doing?

The group is using custom-created backdoors to inject their ransomware, "TinyCrypt" into corporate networks, and they don't seem to be picky. They're targeting businesses ranging from medical equipment manufacturers to banks and software development companies.

Their attacks begin as so many do, with spear-phishing emails aimed at getting valid login credentials. These will target high ranking, named officials at the company in question. In at least one instance, the email was sent by someone claiming to be a journalist interested in interviewing the recipient for an article in a popular business newspaper.

Current events and social engineering is key

However they're disguised, the purpose is to utilize social engineering techniques, paired with current events to make them seem more believable. Once they get an "in," their first objective is to install a backdoor so they can return later. This typically happens a number of weeks after the seemingly innocuous communication to throw anyone who might be looking off the scent.

In time, the trap is sprung, and the files on the network are encrypted (after the hackers have presumably made copies of anything that was of interest to them). After all that, a hefty ransom, in the neighborhood of $50,000 USD is demanded.

Our perspective

Unfortunately, there's no good defense against this kind of well-orchestrated attack, except staff training and vigilance. Be sure your staff is aware of the possibility. It's just a matter of time before OldGremlin goes global.

~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there! " ~

 

By Denis Wilson and Melissa Stockwell

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT SupportI'm Denis Wilson, President and Principal Consultant for DWP Information Architects. We build people/process/technology solutions to create better business outcomes for smaller enterprises in Los Angeles. We have created cost-effective office productivity and out-sourced service solutions for over 20 years, focusing principally on manufacturing, professional services, and healthcare.  Our hallmarks are cloud and on-premises network reliability, cost-effective cybersecurity, and livable small business regulatory compliance.

I am also a published author and speaker, working extensively with business and professional associations to provide small business technology education programs. Contact me if you would like me to speak at your association