Tuesday, October 20, 14:54

GandCrab Ransomware was not withdrawn as we thought

The creators of the infamous GandCrab ransomware, who tried to mislead users into believing they had retired in the summer, seem to have returned now that SecureWorks has discovered a new ransomware strain associated with them.

In June, the developers behind the GandCrab ransomware said they were planning to retire after they had managed to earn about $ 2.

According to Bitdefender, GandCrab was first released in January 2018 and became the most popular ransomware strain globally, at one point accounting for 50% of all ransomware attacks.

The creators of GandCrab

Despite the malicious developers' statements, SecureWorks researchers, having discovered a new strain of ransomware, warn that the criminals may not have retired.

GandCrab had spread like wildfire, thanks in part to its sales model, which allowed criminals to buy ready-made kits in exchange for returning 40% of their proceeds to the developers.

However, SecureWorks said that it had detected REvil (also known as Sodinokibi) in April of this year.

"Analysis by the Security Threat Unit (CTU) of Secureworks suggests that REvil is likely linked to the GandCrab ransomware, due to similar code and the appearance of REvil as GandCrab activity began to decline," the researchers said.

"Given the diverse and advanced delivery mechanisms, the complexity of the code, and the resources used by REvil, CTU researchers estimate that this ransomware will replace GandCrab as a widespread threat," the researchers warned. "REvil does not contain worm-like features that would allow it to spread laterally during an infection. It will need to be installed or downloaded via malware that has this ability."

"The best way to limit ransomware damage is to back up your valuable data," they added. "CTU researchers recommend organizations use a 3-2-1 backup strategy to ensure successful data recovery in case of a ransomware attack."

Don Smith, director of the Secureworks Threat Unit, told the BBC:

"It is not surprising that the team has reappeared. GandCrab offered good pay to criminals. It is unlikely that an existing and capable group will stop its action. It is possible that they wanted to reduce the attention GandCrab had drawn so they could start again with a new product," he concluded.



Absent Mia

