
GandCrab ransomware crew returns from exile

(Image credit: Sergey Nivens / Shutterstock)

The group of hackers behind the now infamous GandCrab ransomware appears to have returned from its self-imposed retirement.

Researchers from Secureworks said they had analysed a new ransomware strain and concluded that it was built by the same people who created GandCrab. It even contains the same coding mistakes as GandCrab, apparently.

The malware is known as either REvil or Sodinokibi. According to the BBC, it caused "major disruption" to hundreds of dental practices in the US, as well as to 22 Texas municipalities.

Don Smith, director of Secureworks Counter Threat Unit, said his team had the group "bang to rights".

"We weren't surprised the group resurfaced," he added.

"GandCrab offered a good return for criminal actors. It's unlikely an existing and proficient group would just walk away from that. It's possible that they wanted to reduce the overall attention that was focused on the GandCrab 'brand' and have relaunched with a new product."

The group is thought to be Russian.

Their previous work, GandCrab, allegedly made them more than $2bn, which is why its creators decided to call it quits. That ransomware, which can still be found in the wild today, had been operating since early 2018.