SecureoIntelligence

Originally published at blogs.secureo.net

Some active ransomware gangs and their strategies

An overview of some of the most active ransomware groups and the tactics they use.

As ransomware gangs continue to threaten organizations' security, it is worth noting the most notable groups of the moment and their strategies. Ransomware gangs keep evolving, and Ransomware-as-a-Service (RaaS), double extortion and cross-platform malware are now common traits.

In this article we review five of the most active ransomware gangs, some of their recent attacks and the strategies they have adopted.


Hive 

Hive first emerged in June 2021 and quickly gained notoriety as a highly active group targeting the healthcare sector. On 31st May, Hive attacked the Costa Rican Social Security Fund, Costa Rica's public health service. Other noteworthy cases include the attack on the Missouri Delta Medical Center, where patient data was leaked, and on the Memorial Health System in Ohio, where urgent surgeries and radiology exams had to be postponed because of the attack. The US Department of Health and Human Services has repeatedly warned healthcare organizations about the gang and advised them to implement strong cybersecurity controls and defenses. Hive operates as RaaS and uses the double extortion method, in which data is stolen as well as encrypted. Its malware is written in the Go (Golang) programming language.


AlphV (BlackCat) 

AlphV, also known as BlackCat, was first discovered by Microsoft in November 2021. It also operates as RaaS and uses the same double extortion method. The group stands out as the first to write its ransomware in the Rust programming language. The gang has attacked several high-profile organizations, for instance the fashion brand Moncler and the airline cargo handling service provider Swissport. In May 2022, the Austrian federal state of Carinthia was also targeted, and BlackCat demanded US$5mn for the decryption of the stolen data. BlackCat continues to attract attention: on 14th June it launched a dedicated website on which the stolen data of its victims can be searched, taking ransomware operations to the next level. The site discloses personal information about the employees and clients of the affected organizations, for instance names, US Social Security Numbers, addresses, email addresses, and more.


Lapsus$ 

Lapsus$ first became active in December 2021. The cybercriminals use their own Telegram channel to communicate with the public rather than a traditional data leak website. They also run polls that let channel members choose who should be targeted next.


According to Microsoft, the group is known for a pure extortion and destruction model that does not deploy ransomware payloads. The gang typically focuses on compromising user identities and gaining access through compromised credentials. In late March 2022, seven people aged between 16 and 21 were arrested in the UK in connection with the gang's activities, although the gang was initially believed to be based in Brazil because its very first victim was that country's Ministry of Health.


Conti 

Conti, thought to be run by the cybercriminal group Wizard Spider, accounted for 20% of attacks in the first three months of 2022, according to a report by Digital Shadows. Operating a double extortion model, its malware uses multithreading, which lets it encrypt and spread quickly. The group is believed to have ties to Russia, as it released a statement strongly supporting the Kremlin's invasion of Ukraine. It is held responsible for several high-profile ransomware attacks, including those on the City of Tulsa and the Japanese multinational electronics company JVCKenwood. In May 2022, Costa Rica had to declare a national emergency after Conti attacked its government systems. In the midst of this attack, however, the group disbanded. The Conti cybercrime operation nevertheless lives on, with reports of collaboration with smaller ransomware gangs such as Hive, BlackCat, BlackByte and others. Members move to these gangs and work as part of those organizations while still remaining part of the larger Conti network. The Costa Rica attack has been hypothesized to be a publicity stunt staged while Conti members steadily migrated to other gangs.


LockBit 

As a group that uses double extortion methods, LockBit was held responsible for 38% of ransomware attacks between January and March 2022, according to reports by Digital Shadows. The group has been active since 2019. It uses a malware tool named StealBit, which automates data exfiltration. StealBit was released alongside LockBit 2.0, which its creators claim to be the fastest and most effective encryption system available. The gang has targeted several large corporations, including the tyre manufacturer Bridgestone Americas and the French electronics multinational Thales Group. LockBit has also targeted the French Ministry of Justice, threatening to release sensitive data.
