
Ransomware: New file-encrypting attack has links to GandCrab malware, say security researchers

September 25, 2019
in Internet Security
A new form of ransomware shares a number of links with the GandCrab malware according to security company researchers, even though the developers of that infamous piece of ransomware earlier this year claimed to have retired.

GandCrab was one of the most successful families of ransomware during 2018 and 2019, with its authors offering it out ‘as-a-service’ in exchange for a cut of the profits. In June, they suddenly announced they were retiring, claiming to have earned over $2 billion since GandCrab first emerged in January 2018.

Many were sceptical as to whether the GandCrab crew had really ceased operations and now researchers have uncovered technical links between GandCrab and another form of ransomware – REvil – which suggest that the two forms of malware have the same authors.

REvil – also known as Sodinokibi – first emerged shortly before GandCrab ceased operation and has gone on to become one of the most prominent families of ransomware of 2019.

Now security researchers in the Secureworks Counter Threat Unit have detailed what they believe to be links which demonstrate that the developers of GandCrab – who they refer to as Gold Garden – are also responsible for REvil, which could have started life as a new version of GandCrab.

“It certainly shares some code overlap with GandCrab and there are even artefacts in there which suggest that it was intended to be an evolution of GandCrab and they decided that GandCrab was ripe for a rebrand and relaunch,” Rafe Pilling, information security researcher at Secureworks, told ZDNet.

Analysis of REvil found that the string decoding functions employed by REvil and GandCrab are nearly identical, suggesting a strong link between the two forms of ransomware. REvil and GandCrab also share URL building functionality which produces the same URL patterns for command and control servers.

“When we see things like that, it’s a tell-tale which suggests the code has been shared,” said Pilling.

There’s also evidence that REvil was initially just intended to be a new version of GandCrab ransomware, as analysis of a beta version of REvil reveals that there are lines in the code which appear to be references to GandCrab. These include ‘gcfin’, which researchers believe stands for ‘GandCrab Final’, and ‘gc6’ which is believed to stand for GandCrab 6.

With those behind GandCrab famous for running a slick operation, it’s likely that these references to their original ransomware are a mistake – but it has enabled researchers to directly link REvil to the same group.

In addition to the similarities in the code, both REvil and GandCrab whitelist certain keyboard layouts so as to not infect Russian-based hosts. While this doesn’t directly link the two operations, it does suggest they are based in the same region.

When Gold Garden pulled GandCrab it was still running a successful operation, with a new build of the ransomware having only recently been released to counter a free decryption tool. However, it’s possible that the attackers introduced REvil to refresh their operations in an effort to keep one step ahead of law enforcement and security professionals.

REvil has already become one of the most high profile forms of ransomware and researchers warn that it’s set to replace GandCrab as the widespread ransomware threat.

To limit the damage of ransomware attacks, it’s recommended that organisations regularly back up their data and patch systems to protect against cyber attacks which spread by exploiting old vulnerabilities.

Credit: ZDNet
