When it comes to cyber security, ransomware has become one of the biggest threats to organizations around the globe. According to a research conducted by Emsisoft, the average requested ransom has grown from $5,000 in 2018 to $200,000 in 2020


With so many ransomware attacks succeeding in robbing organizations out of huge sums of money, numerous vicious ransomware gangs have popped up over the years.


These gangs keep coming up with new and more sophisticated methods of extorting money from businesses, resulting in rising  cyber crimes. These days,  ransomware gangs are getting more and more aggressive in their pursuit of payments. Many of these groups have begun stealing sensitive documents and data. They often threaten to leak stolen files and data if victims don’t pay the ransom demanded. 


Worried yet? Well, you should be!


The only way to stay ahead of the threat is to know your enemy and how they operate. So, here is a list of some of the deadliest ransomware gangs disrupting the current cyber security landscape. 


#1 Conti (Also Called IOCP Ransomware)

Amongst all the vicious ransomware gangs on the rise, Conti is one of the first names on the top of this list. The FBI has linked the Conti ransomware group to over 400 cyber attacks on organizations around the globe, with demands going as high as $25 million.


In addition to being one of the most ambitious ransomware gangs, Conti is also the most untrustworthy and unreliable of all. In several cases, the gang refused to give the victims their data back even after the ransom was paid!


One of the most high-profile attacks by the Conti ransomware gang was on Florida’s Broward County Public Schools, where the hackers demanded a ransom of a whopping $40 million. The group also attacked the Irish Health Service Executive, causing delays in cancellation of patient appointments and COVID-19 tests in Ireland. It is also known for attacking a government board in New Zealand and a government agency in Scotland


Conti employs the popular double extortion technique to get the victim organizations to pay up. This involves encrypting all their files and data as well as threatening to leak it, if the ransom isn’t paid. The group has been known for posting the data of several of its victims on its dark web site.


One of the biggest leaks by Conti was of 3 GB of data from Advantech, a renowned manufacturer of chips for IoT devices. Also, the Conti gang leaked 20 files belonging to the Scottish Environment Protection Agency (SEPA), claiming it was only a fraction of what was actually stolen.

Data Leaked by Conti Ransomware
Leaked Data on Conti’s Website (Source: ZDNet)


#2 REvil (Also Called Sodinokibi)

Counted amongst the most ruthless ransomware gangs, REvil is an infamous private ransomware-as-a-service (RaaS) group, which is held responsible for several notorious ransomware attacks on organizations worldwide.


As per an article by Dark Reading, REvil was the most common ransomware variant responsible for 25% of ransomware attacks from January 2021 to July 2021. According to an article by Cyber Talk, In 2021, at least 360 US-based organizations have been attacked by the REvil ransomware group and the gang has earned over $11 million.


These hackers have pulled off several high-profile attacks on renowned enterprises like the Apple supplier Quanta Computer Inc., meat supplier JBS, tech giant Acer, software provider Kaseya and the renewable energy company Invenergy


The REvil ransomware gang issues the threat of publishing the stolen information on its page, Happy Blog, if targeted organizations do not pay the ransom after falling victim to launched cyber attacks. Already, sensitive documents and data of several companies worldwide have been leaked online courtesy of REvil. 

Data Leaked by REvil Ransomware Gangs
Leaked Data on REvil’s Happy Blog (Source: ZDNet)


#3 DarkSide Ransomware Gang

While relatively new, DarkSide has successfully made its place amongst the infamous ransomware gangs of this era. Believed to have been originated in Eastern Europe, the DarkSide ransomware group made its first appearance in August 2020 and donated $10,000 stolen from organizations to charity. Operating as a ransomware-as-a-service (RaaS), this gang has already targeted organizations spanning across 15 countries and numerous industry verticals.


DarkSide is known for targeting large, high-revenue organizations, encrypting and stealing their sensitive data. One of the most devastating attacks launched by this ransomware group was on Colonial Pipeline, which was forced to shut down operations for several days. In addition to locking the systems at Colonial Pipeline, the group also stole more than 100 GB corporate data


Much like the other ransomware gangs on the prowl these days, DarkSide not only asks for money to decrypt the encrypted data but also threatens to leak the sensitive data if the victims refuse to pay. However, the gang’s most atypical and surprising characteristic is that it actively tries to maintain a reputation for operating ethically.


It often issues press releases and has donated some of its earnings to charities. Moreover, it has established a ‘customer service’ division for ensuring perfect restoration of the victims’ systems once the ransom has been paid. 

Data leaked by DarkSide Ransomware Group
Leaked Data on DarkSide’s website (Source: ZDNet)


#4 Clop Ransomware Group

Clop is another prominent name on the list of the most notorious ransomware gangs terrorizing organizations across the world. Having been linked to a large number of high-profile hacks, the Clop ransomware group is responsible for the attacks on companies like the jet manufacturer Bombardier, residential mortgage servicer Flagstar Bank, security firm Qualys and the Universities of Miami and Colorado


Just like several other ransomware gangs, Clop steals unencrypted data, encrypts the victim’s network and threatens to leak the stolen information if the demanded ransom is not paid. However, the group has also started using a new tactic to apply maximum pressure on the victims for paying the ransom.


It contacts the customers of the victim companies via email, urging them to make the company pay. These emails inform the customers that their personal information like phone numbers, financial information and email addresses, will be leaked on a Dark Web site if the ransom is not paid by the companies!

Data Leaked by Clop Ransomware Gangs
Data Leaked by Clop on its Dark Website (Source: ZDNet)


#5 Netwalker (Also Called Mailto)

Another one of the dangerous ransomware gangs haunting organizations worldwide is Netwalker. The gang has brought in more than $30 million in ransoms since their appearance. Having been responsible for crippling several hospitals, schools and government agencies throughout the world.


Some of the most notable victims of the Netwalker ransomware include the Crozer-Keystone Health System, the Australian transport company Toll Group, California University’s COVID research sector, the Austrian city of Weiz, Argentina’s official immigration agency and Pakistan’s largest private power utility K-Electric


As soon as Netwalker launches a successful attack, it presents the victim company with a ransom note that demands a certain amount of money in exchange for decrypting the compromised data.


The group instantly publishes a sample of the stolen data on its dark website as proof of the breach. It provides victims with this evidence and threatens to publish the rest of the data if the ransom isn’t paid.

Data Leaked by Netwalker Ransomware Gang
Leaked Data on NetWalker’s Dark Website (Source: ZDNet)



With the above-mentioned and many other deadly ransomware gangs hunting organizations for money, it has become essential to take all the necessary precautions to prevent your business from becoming the next victim.


The best way of keeping your company safe is to make sure that all of its members are on the lookout for such threats. The only way of ensuring that your employees are capable of being vigilant is providing them with effective cyber security awareness training.  


Implement a useful cyber security awareness training tool like ThreatCop to make sure that your employees are cyber resilient and prepared to take on cyber attack attempts. Transforming your workforce into a line of defence against cyber attack is the most effective way of keeping your business safe. 

Get your hands on the latest DMARC report!

Check out the latest trends in Email Security

Leave a comment

Your email address will not be published. Required fields are marked *