GandCrab ransomware crew returns from exile

(Image credit: Sergey Nivens / Shutterstock)

The group of hackers behind the now infamous GandCrab ransomware appears to have returned from its self-imposed retirement.

Researchers from Secureworks said they had analysed a new strain of malware and concluded that it was built by the same people who created GandCrab. It even contains the same mistakes as GandCrab, apparently.

The malware is dubbed either REvil or Sodinokibi. According to the BBC, it caused "major disruption" to hundreds of dental practices in the US, as well as to 22 Texas municipalities.

Don Smith, director of Secureworks Counter Threat Unit, said his team had the group "bang to rights".

"We weren't surprised the group resurfaced," he added.

"GandCrab offered a good return for criminal actors. It's unlikely an existing and proficient group would just walk away from that. It's possible that they wanted to reduce the overall attention that was focused on the GandCrab 'brand' and have relaunched with a new product."

The group is thought to be Russian.

Their previous work, GandCrab, allegedly made them more than $2bn, which is why its creators decided to call it quits. The ransomware, which can still be found in the wild today, has been operating since early 2018.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focused news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.