The Crypt Ghouls hacker group has launched major ransomware attacks against Russian government agencies and companies, disrupting their business operations and pursuing financial gain. The main objective of these attacks is for the gang to obtain a ransom at the victims' expense. In addition to government agencies, the attacks have targeted mining, energy, finance, and retail companies. The Crypt Ghouls group used several tools to carry out the attacks, including Mimikatz, XenAllPasswordPro, PingCastle, Localtonet, resocks, AnyDesk, and PsExec. In addition to this toolkit, the group used compromised credentials from victims' vendors to connect to internal systems via VPN. Once inside the internal systems, the attackers used ransomware such as LockBit 3.0 and Babuk to encrypt system data, including files in the Recycle Bin, making recovery difficult. A peculiarity of this group is that it shares its toolkit with other cybercrime groups, which makes it difficult for investigators to attribute attacks to a particular gang.
Ransomware attack against Russian government agencies and companies
Type of event: Cyberattack
October 19, 2024