Top 5 Ransomware Groups

Published on
03/03/2022 03:53 PM

To describe the last few years as a ‘cybersecurity pandemic’ would not be an understatement; ransomware groups, or even ransomware gangs, have created a hostile environment for businesses worldwide. According to Sophos, ransomware attacks, fueled by cryptocurrency, were involved in around 79% of all cybersecurity attacks between 2020 and 2021. 

The enterprise is fast moving and new challenges create new opportunities, however ransomware gangs are stronger than ever and it has become increasingly difficult to create new technology that can combat the agility of some of the strongest adversaries in the industry. 

The Log4J attack in December last year revealed the truly devastating impact that ransomware attacks can have. Within the first few days, 40% of corporate networks were affected globally. While many companies are returning to normal, attacks like this can cause long term damage to organisations, and for smaller businesses, can lead to their destruction.


Despite the name, DarkSide’s activities generally fall into an ethical grey area for many cybersecurity commentators. They were notoriously behind the Colonial Pipeline Attack of May 2021, causing $4.4 million in losses, however they have developed an almost Robin Hood like reputation.

Following this attack, they supposedly donated roughly $10,000 to Children International and The Water Project, which they revealed on a darknet forum. Children International refused the donation, however it hasn’t stopped members of the general public from being drawn towards the DarkSide.


Wizard Spider

The magic touch of this ransomware gang allows them to get away with some of the most poisonous activities in the industry. Wizard Spider are primarily known for their collaboration with Viking Spider, Twisted Spider and Lockbit, a syndicate that are regularly referred to as a “ranswomare cartel.” 

One of their most malicious attacks was believed to be against Ireland’s publicly funded healthcare system Health Service Executive. 520 patients’ sensitive information was leaked, hospital appointments were canceled and many people were deprived access to essential radiology appointments. It is believed to be the largest attack against a health service computer system.


Maze (ChaCha Ransomware)

Despite its playful name, ChaCha is one adversary nobody wants to slide with. Also known as Maze, ChaCha laid the groundwork for many ransomware attacks to come. The group managed to be pioneers in stealing information prior to encryption, and if organisations could not pay the ransom, they would publish this information.

These approaches were later adopted by REvil and DoppelPaymer, thus paving the way for many more ransomware attacks to come in the next three years. 


DoppelPaymer, otherwise known as Grief, are believed to be associated with Evil Corp and are just as menacing. They are believed to have also been involved in the Dridex banking Trojan attacks but their impact is more far reaching than that. 

Specifically using cryptocurrency to navigate around regulations, DoppelPaymer have previously used Monero to conduct their ransomware activities. They have also targeted government organisations, previously publishing voter information from Hall County, Georgia.


Evil Corp

Evil Corp, as you might be able to guess from the name, is one of the most notorious ransomware gangs around today. In December 2019, the U.S Justice Department offered a $5 million bounty for information pertaining to their ring leader. 

Evil Corp have previously created a cryptomining malware known as Dridex which serves to steal online banking information from victims via Log4Shell. Reaping havoc everywhere they go, Evil Corp are still on the loose and are yet to face any punishment for their criminal activity.