Researchers at cyber-security company Secureworks say they reached their conclusion after analysing a new strain of computer virus.
They claim the culprits are the GandCrab crew.
The gang is thought to be Russian and previously sold customised ransomware to other criminals.
Their code had scrambled data on victimsâ computers and demanded blackmail payments to decrypt it. It is estimated to have affected more than 1.5 million machines, with hospitals among those affected.
In May, the group had surprised many in the security industry when it announced it was âretiringâ after earning more than $2bn (ÂŁ1.6bn) from the trade.
Someone claiming to be part of the group claimed it had âcashed outâ its earnings and quit the business.
It had been active since about January 2018.
But Secureworks has linked the group to a new strain of ransomware called REvil or Sondinokibi.
The malware has caused major disruption to hundreds of dental practices in the US as well as 22 Texas municipalities.
Kik messenger app shutdown, as company focuses on cryptocurrency
Researchers say not only is the code similar to that of the earlier attacks but that it contains similar mistakes.
Don Smith, director of Secureworks Counter Threat Unit, said his team had the group âbang to rightsâ.
âWe werenât surprised the group resurfaced,â he added.
âGandCrab offered a good return for criminal actors. Itâs unlikely an existing and proficient group would just walk away from that.
âItâs possible that they wanted to reduce the overall attention that was focused on the GandCrab âbrandâ and have relaunched with a new product.â
[Source: BBC]
Lanre News | Latest News in Nigeria | Africa | Worldwide
