The Crypt Ghouls group is targeting Russian businesses and government agencies with ransomware attacks. They utilize a toolkit including utilities like Mimikatz, XenAllPasswordPro, PingCastle, and others. The group employs LockBit 3.0 and Babuk ransomware as final payloads. Initial access is often gained through compromised contractor credentials. The attackers use various techniques to harvest login credentials, perform network reconnaissance, and spread laterally. There are overlaps in tools and tactics with other groups targeting Russia, suggesting potential collaboration or resource sharing among threat actors. Victims include Russian government agencies and companies in mining, energy, finance, and retail sectors.