Top 5 deadliest ransomware groups in the world

Xiaobai Software  2022-08-02 12:12

Ransomware is a significant threat vector, costing businesses, corporations and infrastructure operators billions of dollars each year. Behind these threats are professional ransomware gangs that create and distribute the malware that makes attacks possible.

Some of these gangs attack victims directly, while others employ the popular ransomware-as-a-service (RaaS) model that enables affiliates to extort specific organizations.


As the threat of ransomware continues to rise, understanding the enemy and how they operate is the only way to stay ahead. So here is a list of the five deadliest ransomware groups disrupting the cybersecurity landscape.

1. REvil


The REvil ransomware group, aka Sodinokibi, is a Russia-based ransomware-as-a-service (RaaS) operation that first emerged in April 2019. It is considered one of the most ruthless ransomware groups.

The group quickly attracted the attention of cybersecurity professionals for its technical prowess and its boldness in pursuing high-profile targets. 2021 was the group's most profitable year, as it targeted multiple multinationals and disrupted several industries.

Main victims

In March 2021, REvil attacked electronics and hardware company Acer and compromised its servers. The attackers demanded $3 million for decryption keys and threatened to increase the ransom to $5000 million if the company did not meet the group's demands.

A month later, the group carried out another high-profile attack on Apple supplier Quanta Computer. It attempted to blackmail Quanta and Apple, but neither company paid the $5000 million demanded.

The REvil ransomware group continues its hacking spree, targeting JBS Foods, Invenergy, Kaseya, and a number of other businesses. JBS Foods was forced to temporarily shut down its operations and paid a bitcoin ransom of around $1100 million to resume operations.

The Kaseya attack brought some unwanted attention to the group, as it directly affected more than 1500 businesses around the world. Following some diplomatic pressure, Russian authorities arrested several syndicate members in January 2022 and seized assets worth millions of dollars. But the disruption was short-lived, as the REvil ransomware gang has been up and running since April 1.

2. Conti


Conti is another notorious ransomware gang that has been in the headlines since late 2018. It uses a double extortion method, which means the gang withholds decryption keys and threatens to reveal sensitive data if the ransom is not paid. It even runs a leak site, Conti News, to publish stolen data.

What sets Conti apart from other ransomware groups is the lack of ethical constraints on its targets. It has carried out several attacks in the education and medical sectors and demanded millions of dollars in ransom.

Main victims

The Conti ransomware group has long targeted critical public infrastructure such as healthcare, energy, IT and agriculture. In December 2021, the group reported that it had hacked Indonesia's central bank, stealing up to 12GB of sensitive data.

In February 2022, Conti attacked SEA-invest, an international terminal operator. The company operates 2 seaports in Europe and Africa, specializing in dry bulk, fruit and food, liquid bulk (oil and gas) and containers. The attack affected all 24 ports and caused significant disruption.

Conti also hacked into Broward County Public Schools in April and demanded a $4 million ransom. The group leaked the stolen files on its blog after the region refused to pay the ransom.

Recently, the President of Costa Rica had to declare a national emergency following attacks on several government agencies by Conti.

3. DarkSide


The DarkSide ransomware group follows the RaaS model, targeting large corporations to extort large sums of money. It does this by entering a company's network, often through phishing or brute force, and encrypting all files on the network.

There are several theories about the origin of the DarkSide ransomware group. Some analysts believe its base is in Eastern Europe. Others believe the group has franchises in multiple countries.

Main victims

The DarkSide group has made huge ransom demands but claims to have a code of conduct. The group claims it never targets schools, hospitals, government agencies or any infrastructure that affects the public.

However, in May 2021, DarkSide conducted an attack on the Colonial Pipeline and demanded a ransom of $5 million. It was the largest cyberattack on oil infrastructure in U.S. history, disrupting gasoline and jet fuel supplies in 500 states.

The incident sparked a discussion about the security of critical infrastructure and how governments and businesses must work harder to protect it.

After the attack, DarkSide Group tried to clear its name by blaming third-party affiliates. However, the group decided to shut down its operations following mounting pressure from the United States, The Washington Post reported.

4. DoppelPaymer


The DoppelPaymer ransomware is the successor to the BitPaymer ransomware that first emerged in April 2019. Using an unusual method, it called victims and demanded a ransom in Bitcoin.

DoppelPaymer follows a dual ransomware pattern. The group's activity declined in the weeks following the Colonial Pipeline attack, but analysts believe it renamed itself the Grief Group.

Main victims

DoppelPaymer regularly targets oil companies, automakers, and key industries such as healthcare, education, and emergency services. It was the first ransomware to cause a death: a patient in Germany died after emergency services were unable to communicate with a hospital.

The group made headlines when it released voter information in Hall County, Georgia. Last year, it also hacked into customer-facing systems of Kia Motors in the United States and stole sensitive data. The group demanded a ransom of 404 bitcoins, roughly the equivalent of $2000 million at the time.

5. LockBit


LockBit has been one of the most prominent ransomware gangs of late due to the decline of other groups. Since its first appearance in 2019, LockBit has seen unprecedented growth and has greatly evolved its tactics.

LockBit started out as a low-key gang but gained traction with the launch of LockBit 2.0 in late 2021. The gang follows the RaaS model, employing double extortion tactics to extort victims.

Main victims

LockBit is currently an influential ransomware group, accounting for over 2022% of all ransomware attacks in May 5. It attacks organizations in the United States, India and Europe.

Earlier this year, LockBit targeted the French electronics multinational Thales Group, threatening to leak sensitive data if the company did not meet the group's ransom demands.

It also hacked the French Ministry of Justice and encrypted their files. The group now claims to have hacked the Italian tax agency (L'Agenzia delle Entrate) and stolen 100GB of data.

Protection from ransomware attacks

Ransomware remains a thriving black market industry, bringing in billions of dollars a year for these notorious gangs. Given the economic benefits and the growing popularity of the RaaS model, the threat is bound to increase.

As with any malware, being vigilant and using proper security software is the right direction to fight ransomware. If you're not ready to invest in an advanced security tool, you can use Windows' built-in ransomware protection tools to keep your PC safe.