The group is using custom-created backdoors to inject their ransomware, "TinyCrypt" into corporate networks, and they don't seem to be picky. They're targeting business ranging from Russian medical equipment manufacturers, to banks and software development companies.
Their attacks begin as so many do, with spear phishing emails aimed at getting valid login credentials. These will target high ranking, named officials at the company in question. In at least one instance, the email was sent by someone claiming to be a journalist interested in interviewing the recipient for an article in a popular business newspaper.
However they're disguised, the purpose is to utilize social engineering techniques, paired with current events to make them seem more believable. Once they get an "in," their first objective is to install a backdoor so they can return later. This typically happens a number of weeks after the seemingly innocuous communication to throw anyone who might be looking off the scent.
In time, the trap is sprung, and the files on the network are encrypted (after the hackers have presumably made copies of anything that was of interest to them). After all that, a hefty ransom, in the neighborhood of $50,000 USD is demanded.
Unfortunately, there's no good defense against this kind of well-orchestrated attack, except vigilance. Be sure your staff is aware of the possibility. It's just a matter of time before OldGremlin goes global.