GandCrab was part of the ruling ransomware in 2018 and 2019. It used to latch on to the target computer and lock it. Moreover, the demand was more than $2,000 in Bitcoin or Dash for getting the decryption key for access. The minds behind this ransomware had made it clear that they were closing shop as they had made enough money. More than 2 billion dollars was earned with GandCrab
At SecureWorks, researchers have currently spotted new ransomware that mimics GandCrab in coding. It possible may well as be an evolved version.
Fears Behind Pegging REvil To GandCrab
Researchers have come up with a list of reasons why they think GandCrab or the linking to REvil is of the same nature as GandCrab:
- String decoding functions share the same set of protocols
- Both share URL binding functionality for controlling servers using commands
- Usage of similar terms like โgcfinโ and โgc6โ in the coding stem
- Decryption codes may be just the abbreviation pseudonyms for GandCrab
- Favoritism to Russians as the layout of keywords prevent from defecting Russian stations
However, in spite of the similarities, it is not certain that Revil is actually an evolved version of GandCrab. It may be the work of a lone wolf in the dark world.
Though the operations of GandCrab were transparent and mentioned names, REvil, however, values their privacy and is very strict about disclosing of names of any individual from their team
REvil is set to climb the ladder of being the most prolific ransomware of our times. You must update your systems whenever you get a notification for safety. Though nothing can be said for certain regarding the links between GandCrab and REvil, however, the damage they can ensure is not debatable.