PIK Group
| Primary URL | Location | Industry |
|---|---|---|
| www[.]pik[.]ru | Country: Russia | Commercial |
Profile
PIK Group, also known as PIK-Group, is a major real estate development company headquartered in Russia. It operates in the domestic real estate market, focusing on residential and commercial property development. Its operations involve large-scale construction projects, property sales, and related services for the Russian real estate sector. These activities make it a significant player in the industry, though specific details of its market share, project portfolio, and subsidiary structure are not covered by publicly confirmed sources tied to cybersecurity reporting.
The organization gained attention in cybersecurity circles following a February 2019 incident in which it was targeted by a sophisticated multi-stage attack. Threat actors delivered a malicious ZIP file via phishing, disguising obfuscated JavaScript as order details, a tactic likely chosen to exploit routine document exchanges in real estate transactions. The payload deployed Troldesh ransomware, which encrypted files with a ".crypted000007" extension and changed the system wallpaper to display ransom demands. Concurrently, a cryptocurrency miner covertly generated approximately 4.89 ZCash for the attackers, while a modular Trojan-Heur component enabled credential theft, remote system control, and brute-force attacks against WordPress sites.

This combination of ransomware, cryptojacking, and persistent credential-harvesting tools suggested financially motivated actors prioritizing immediate profit through encryption extortion and covert mining. The inclusion of noisy WordPress brute-forcing contrasted with typical stealth-focused intrusions, indicating potential botnet leasing or opportunistic profit-maximizing behavior rather than strategic espionage. The incident underscored the evolving threats facing large real estate entities that manage high-value transactions and sensitive client data.
