20.Lock AbstractDigital Circular

OldGremlin, one of the few ransomware groups attacking Russian corporate networks, has expanded its toolkit with file-encrypting malware for Linux machines.

The gang has Russian-speaking members that have been operating since at least March 2020 using self-made malware, focusing on Russian companies in the logistics, industry, insurance, retail, real estate, software development, and banking sectors.

Also known as TinyScouts, due to the names of the functions in the malicious code they use, OldGremlin is characterized by a small number of campaigns per year with million-dollar ransom demands.