The creators of the infamous GandCrab ransomware, who tried to mislead users by saying they had retired in the summer, seem to have returned, after Secureworks discovered a new ransomware strain associated with them.
In June, the developers behind the GandCrab ransomware said they were planning to retire after they had managed to earn about $ 2.
According to Bitdefender, GandCrab was first released in January 2018 and became the most popular ransomware strain globally, at one point accounting for 50% of all ransomware attacks.
GandCrab had spread like wildfire, thanks in part to its sales technique, which allowed criminals to buy ready-made kits in exchange for returning 40% of their proceeds to the developers.
However, Secureworks said that it had detected REvil (also known as Sodinokibi) in April of this year.
"Analysis by the Security Threat Unit (CTU) of Secureworks suggests that REvil is likely linked to GandCrab ransomware, due to similar code and the appearance of REvil as GandCrab activity began to decline," the researchers said.
"Given the diverse and advanced delivery mechanisms, the complexity of the code, and the resources used by REvil, CTU researchers estimate that this ransomware will replace GandCrab as a widespread threat," the researchers warned. "REvil does not contain worm-like features that would allow it to spread laterally during an infection. It will need to be installed or downloaded via malware that has this ability."
"The best way to limit ransomware damage is to back up your valuable data," they added. "CTU researchers recommend organizations use a 3-2-1 backup strategy to ensure successful data recovery in case of a ransomware attack."
Don Smith, director of the Secureworks Threat Unit, told the BBC:
"It is not surprising that the team has reappeared. GandCrab offered good pay to criminals. It is unlikely that an existing and capable group will stop its action. It is possible that they wanted to reduce the attention GandCrab had drawn so they could start again with a new product," he concluded.