Is ‘REvil’ the New GandCrab Ransomware?

Despite the cyber criminals behind GandCrab having announced they are shutting down their operation, cybersecurity expert Brian Krebs observes that a growing body of evidence suggests they have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as “REvil,” “Sodin,” and “Sodinokibi.” In late April, researchers at Cisco Talos discovered the REvil ransomware strain being used to deploy GandCrab. The connection between REvil and GandCrab are one of the possible hints of their originators being the same entity, but Krebs also points to similarities in regions of the world to which they are deployed (or not deployed). There are also similarities between the ways that both GandCrab and REvil generate URLs that are used as part of the infection process. Part of the reason for switching to a new type of ransomware is to get away from the significant amount of attention from security researchers and law enforcement investigators, reasons Krebs. He adds that it seems highly unlikely that such a successful group of cybercriminals would just walk away from such an insanely profitable enterprise. Read the article at Krebs on Security.