A notorious group of hackers, believed to have disbanded, has reappeared amid a wave of new cyber-attacks being carried out across the world.
Researchers at a leading cyber-security company reached their conclusion after analyzing a new type of computer virus.
Secureworks provides threat intelligence-driven security solutions for organizations to prevent, detect, rapidly respond to and predict cyber-attacks.
The company claims the attackers are thought to be the GandCrab crew, possibly Russians, who previously sold customized ransomware to other criminal groups.
Their code had scrambled data on victims’ computers and demanded blackmail payments to decrypt it. It is estimated to have affected more than 1.5 million machines, with hospitals among those affected.
In May, the group had surprised many in the security industry when it announced it was “retiring” after earning more than $2bn (£1.6bn) from the trade.
Someone claiming to be part of the group, which had been active since about January 2018, said it had “cashed out” its earnings and quit the business. However, Secureworks has linked the group to a new strain of ransomware called REvil or Sodinokibi.
The malware has caused major disruption to hundreds of dental practices in the US as well as 22 Texas municipalities.
Researchers say not only is the code similar to that of the earlier attacks but that it contains similar mistakes.
Don Smith, director of Secureworks Counter Threat Unit, said his team had the group “bang to rights”. He added:
“We weren’t surprised the group resurfaced, …GandCrab offered a good return for criminal actors. It’s unlikely an existing and proficient group would just walk away from that. …It’s possible that they wanted to reduce the overall attention that was focused on the GandCrab ‘brand’ and have relaunched with a new product.”
Source: BBC News