The Russian-speaking RTM threat group is targeting organizations in an ongoing campaign that leverages a well-known banking trojan, brand new ransomware strain and extortion tactics. The triple-threat attack, which started its active phase in December 2020 and is ongoing, has hit at least ten Russian organizations in the transport and finance sectors. The name Quoter is derived from the fact the ransomware code embeds various popular quotes. If attackers hit a brick wall, they try to extort money from victims, threatening that they will release breached data stolen from the targets if they don t pay up.
Source: https://threatpost.com/rtm-banking-trojan-quoter-ransomware/164447/