The Crypt Ghouls group is suspected to be behind a series of ransomware attacks on Russian businesses and government agencies. The group is known to use a range of tools and tactics, including VPNs, Mimikatz, XenAllPasswordPro, and PsExec, and has been observed using a CobInt backdoor loader to gain a foothold on victims’ systems. The ransomware strains it is known to use include LockBit 3.0 and Babuk.