Idle Ransomware Back with New Name
Just when you think one of the most successful and disruptive ransomware rings has gone idle, it resurfaces to cause more havoc. GandCrab took the IT world by storm in 2018 as its operators launched this ransomware-as-a-service, which has netted them at least $2 billion since January 2018. First known as a consumer-targeting ransomware, GandCrab was soon used against business organizations – including countless manufacturers.
The group behind GandCrab announced its retirement this fall after claiming to have earned billions of dollars. However, researchers from the Secureworks Counter Threat Unit (CTU) said the group, which it calls Gold Garden, has moved on to a different ransomware known as Sodinokibi or REvil. Based on a technical analysis of REvil, CTU researchers found that the string decoding functions employed by REvil and GandCrab are nearly identical. They also discovered that REvil was likely meant to be GandCrab version 6.0, since the last observed version of GandCrab was 5.2.
In other words, new name, same strain. Ransomware comes in many forms these days, whether it is sold as RaaS or in exploit kits. No matter what form it takes, ransomware like GandCrab or REvil can cause havoc for your organization. The best prevention is to ensure you have the proper security solutions in place and that you partner with an IT consulting firm that has your back, all the time. 2W Tech is a full-service IT consulting firm that specializes in manufacturing solutions. Security is one of our areas of expertise, so give us a call today to learn more.