Hints of a connection between GandCrab and Sodinokibi ransomware get stronger as researchers find code-level similarities and artifacts suggesting continued operations. The two malware families used nearly-identical string decoder functions. The URL building functionality used for producing the link for the command and control (C2) server is the same as it was with Sodinkibi. A string created in the beta version of REvil was left in the malware, probably by mistake. The string created during development, created by mistake, is the string used by the malware’s creator.
Source: https://www.bleepingcomputer.com/news/security/shared-code-links-sodinokibi-to-gandcrab-minus-the-fun-and-games/