OldGremlin Ransomware: Never Ever Feed Them after The Locknight

The case of OldGremlin illustrates how the ransomware industry has evolved in recent years. In this report, you will find the history of the “gremlins”, descriptions of the tactics and tools they use, and recommendations on how to secure your organization from these threat actors.

In this report:

TTPs

Discover the group’s tools as well as the tactics, techniques and procedures that it uses, mapped to the MITRE ATT&CK® matrix

Kill Chain

Explore the history of OldGremlin’s campaigns and the full attack cycle based on unique data from Group-IB Threat Intelligence

IoCs and recommendations

Learn the indicators of compromise and the recommendations on how to protect against OldGremlin attacks

Why OldGremlin is dangerous

In March 2020, Group-IB analysts discovered a ransomware group that they named OldGremlin. So far the group has attacked only Russian organizations, presumably using this market as a testing ground before expanding to other geographies.

For each new campaign, the “gremlins” adjust the kill chain, impersonate well-known brands, and carefully prepare the phishing emails and attached documents to deceive their victims. Read on for the group’s attack history and the tactics and techniques it uses.

About OldGremlin

Attack geography: Russia

Key targeted sectors: Manufacturing, logistics, insurance, retail, real estate, software development

Total number of attacks: 16

Dwell time in the victim’s infrastructure: 49 days

Highest ransom demand: $16.9 million

Advanced protection against cyber threats

Group-IB’s security ecosystem provides comprehensive protection for your IT infrastructure based on our unique cyber intelligence and deep analysis of attacks and incident response.