More ransomware groups have been launching attacks against Russian organizations amid Russia's ongoing invasion of Ukraine, according to The Record, a news site by cybersecurity firm Recorded Future.
Russian firms have been targeted with two phishing operations by the OldGremlin ransomware group, researchers from Group-IB reported. OldGremlin sent emails impersonating Russian financial firm representatives warning recipients regarding the imminent closure of the Visa and Mastercard payment systems due to sanctions, which includes a file with the "TinyFluff" backdoor. The attack has successfully impacted one mining firm in Russia, said researchers.
The report comes more than a month after Trend Micro detailed the "RURansom" wiper malware aimed at destroying encrypted files. Included in RURansom's code, as translated by Trend Micro is the statement: "President Vladimir Putin declared war on Ukraine. To counter this, I, the creator of RU_Ransom, created this malware to harm Russia." Ransomware group NB65 has also previously been reported to launch attacks against Russian state-owned broadcaster VGTRK.