GandCrab was among the dominant ransomware families of 2018 and 2019. It would latch on to the target computer and lock it, then demand more than $2,000 in Bitcoin or Dash for the decryption key needed to regain access. The people behind this ransomware had made it clear that they were closing shop because they had made enough money. More than 2 billion dollars was earned with GandCrab.

Researchers at SecureWorks have now spotted new ransomware whose code mimics GandCrab. It may well be an evolved version.

Fears Behind Pegging REvil To GandCrab


Researchers have come up with a list of reasons why they think REvil is linked to GandCrab:

  • The string decoding functions share the same set of protocols
  • Both share URL binding functionality for communicating with command-and-control servers
  • Similar terms such as ‘gcfin’ and ‘gc6’ are used in the code
  • The decryption codes may simply be abbreviations or pseudonyms for GandCrab
  • Favoritism toward Russians, as the layout of keywords prevents Russian stations from being infected

However, in spite of the similarities, it is not certain that REvil is actually an evolved version of GandCrab. It may be the work of a lone wolf in the dark world.

While the GandCrab operation was transparent and mentioned names, REvil values its privacy and is very strict about not disclosing the names of any individual on its team.

REvil is set to climb the ladder toward being the most prolific ransomware of our times. For safety, update your systems whenever you get an update notification. Though nothing can be said for certain about the links between GandCrab and REvil, the damage they can cause is not debatable.

