Infamous hacker group GandCrab has ‘come out of retirement’ and appears to be behind a wave of new attacks being carried out across the world.
According to the BBC, the hacker group’s code scrambles data on victims’ computers, and the group demands blackmail payments to decrypt it. An estimated 1.5 million machines, including hospitals, are already affected.
Secureworks said that after analysing a new strain of computer virus it linked the strain to the gang. The new strain of ransomware is called REvil or Sodinokibi.
The malware has caused major disruption to hundreds of dental practices in the US as well as 22 Texas municipalities.
The group is thought to be Russian, and previously sold customised ransomware to other criminals. They announced in May they were ‘retiring’ since they had earned more than $2bn (£1.6bn).
The criminals are thought to have been active since January 2018.
Dr. Guy Bunker, CTO of Clearswift:
“Ransomware remains a lucrative business and while it’s been headline news for a number of years there are still organisations which have not taken precautions to protect themselves, their people, data and clients from attack, which means there is still opportunity for the likes of GandCrab. Furthermore, with the ongoing commercialisation of malware, there are other opportunities for bespoke or customised malware to be developed and sold to the highest bidder. Of course, it’s not just the actual malware, there are the other pieces of an attack which need to be orchestrated, such as the spear phishing attack or Business Email Compromise attack with weaponised documents.
“For commercial organisations, the re-emergence of GandCrab should have little impact on their day-to-day security, as they should already be protecting against the myriad of other groups and threats. However, stories such as this should act as a catalyst for organisations to test their cyber disaster recovery plans. Without a plan the impact of an attack could be catastrophic; even with a plan, it needs to be tested and regularly reviewed and updated to ensure that it keeps up with the threats. Employees need an education and awareness program to ensure that they are kept up-to-date with new scams and attacks, learning about identifying the threat and what to do should they suspect one. As fast as threats change, so does the technology to help mitigate them. Understanding what new technology can do to protect the organisation is important, and if required can then be planned for implementation.”
The post Infamous hacker group, GandCrab ‘come out of retirement’ with new wave of global attacks appeared first on PrivSec Report.