SSI ATR – GrandCrab – McAfee analyzes Sodinokibi

McAfee’s Advanced Threat Research team (ATR) observed a new ransomware family in the wild, dubbed Sodinokibi (or REvil), at the end of April 2019.

Around this same time, the GandCrab ransomware crew announced they would shut down their operations.

Coincidence ? Or is there more to the story ?

In this series of blogs, we share fresh analysis of Sodinokibi and
its connections to GandCrab, with new insights gleaned exclusively from McAfee ATR’s in-depth and extensive research.

  • Episode 1: What the Code Tells Us
  • Episode 2: The All-Stars
  • Episode 3: Follow the Money
  • Episode 4: Crescendo