GandCrab

June 3, 2019

Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware

This post was originally published on this siteFor almost the past month, key computer systems serving the government of Baltimore, Md. have been held hostage by a ransomware strain known as “Robbinhood.” Media publications have cited sources saying the Robbinhood version that hit Baltimore city computers was powered by “Eternal Blue,” a hacking tool developed by the U.S. National Security Agency (NSA) and leaked online in 2017. But new analysis suggests that while Eternal Blue could have been used to spread the infection, the Robbinhood malware itself contains no traces of it. On May 25, The New York Times cited […]
July 15, 2019

Is ‘REvil’ the New GandCrab Ransomware?

This post was originally published on this siteThe cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as “REvil,” “Sodin,” and “Sodinokibi.” “We are getting a well-deserved retirement,” the GandCrab administrator(s) wrote in their farewell message on May 31. “We are a living proof that you can do evil and get off scot-free.” However, it now […]
May 18, 2020

This Service Helps Malware Authors Fix Flaws in their Code

This post was originally published on this siteAlmost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. But the reality is most malicious software also has its share of security holes that open the door for security researchers or ne’er-do-wells to liberate or else seize control over already-hacked systems. Here’s a look at one long-lived malware vulnerability testing service that is used and run by some of the Dark Web’s top cybercriminals. It is not uncommon for crooks who sell malware-as-a-service offerings such as trojan horse programs and botnet […]
August 5, 2021

Ransomware Gangs and the Name Game Distraction

This post was originally published on this siteIt’s nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. We hang on to these occasional victories because history tells us that most ransomware moneymaking collectives don’t go away so much as reinvent themselves under a new name, with new rules, targets and weaponry. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation. A rough timeline of major ransomware operations and their reputed links over time. Reinvention is a basic survival skill in the cybercrime business. Among […]