Four most dangerous and destructive ransomware groups of 2022

Share post:

With ransomware attacks becoming one of the most dangerous cyber threats in the world, Tech Republic has identified four of the most dangerous and destructive ransomware groups of 2022.

ALPHV, also known as BlackCat, is at the top of the list. It specializes in ransomware-as-a-service, where it delivers the malware and infrastructure to partners who then carry out the actual attacks. ALPHV is allegedly associated with the BlackMatter/DarkSide group, which was responsible for the infamous ransomware attack on the Colonial Pipeline in 2021.

The second, Black Basta, is a Ransomware-as-a-Service (RaaS) group consisting of former Conti and REvil ransomware gang members with whom it shares tactics, techniques and procedures. It increasingly infiltrates organizations by exploiting unpatched security flaws and publicly available source code. It also frequently employs double extortion tactics and threatens to disclose the stolen data publicly if the ransom is not paid. DDoS attacks are also used by the group to induce their victims to pay the ransom.

Hive, the third focuses on the industrial sector, academic and educational services, science and healthcare companies, as well as energy, resource, and agriculture companies. It reportedly hires penetration testers, access brokers, and threat actors to encrypt hundreds of megabytes to more than four gigabytes of data per minute.

The fourth is the LockBit 3.0 ransomware. Allegedly, it contained an updated data leak blog, a bug bounty program and new ransomware features. It prefers low-profile attacks and tries to avoid making headlines. The TTPs and software of the gang are constantly evolving and adapting. LockBit also employs a proprietary information stealer known as StealBit, a file grabber, which clones files from the network of the victim quickly into a LockBit-controlled infrastructure.

The sources for this piece include an article in TechRepublic.


Related articles

London hospitals cancel over 800 operations after ransomware attack

NHS England disclosed today that a recent ransomware attack on Synnovis has led to the cancellation of hundreds...

Microsoft cancels universal Recall release in favor of Windows Insider preview

Microsoft has decided to cancel the wide release of Recall, the controversial tool for Copilot+ PCs, and instead...

Cyber Security Today, Week in Review for week ending Friday, June 14, 2024

Welcome to Cyber Security Today. This is the Week in Review for the week ending Friday, June 14th,...

Cyber Security Today, June 14, 2024 – Employee downloaded a file that led to hospital chain’s ransomware attack

An employee downloaded a file that led to hospital chain's ransomware attack Welcome to Cyber Security Today. It's Friday...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways