2022’s Most Prolific Ransomware Gangs And How To Protect Yourself

Cybercrime and its perpetrators have been in the news plenty in 2022.

From the digital front in the Russian war on Ukraine to Costa Rica declaring a state of emergency over multiple hacks, it’s been a significant year for hackers and those battling against them.

In the past, hackers mostly operated solo. Nowadays, they tend to be part of major organized criminal gangs making multi-million dollar ransom demands.

Some gangs are both massive and dangerous, and these are the ones we’re going to look at here. We’ve put together a list of the seven most prolific ransomware gangs of 2022. 

1.) LockBit

LockBit put themselves out there as a hacker gang – they launched a bounty program in 2022 offering people cash rewards for data that will help them find a way into a company. 

Along with this publicity stunt, they’re keen to talk to the media. In May 2022, they were in touch with vx-underground.

LockBit shared data that proved they’d hacked 12,125 businesses or organizations, including the French Ministry of Defense. 

Considering that the average ransomware payment is more than $200k, this gang has pretty big coffers. 

2.) REvil

REvil came to an end right at the start of 2022, when many in the ransomware gang were arrested.

However, the group’s site on the dark web made a comeback in 2022, and it looks like they’re up to their old tricks. 

REvil has a slew of famed ransomware attacks to their name, including hacks against:

  • JBS Foods, which caused supply problems across the US;
  • Quanta, an Apple supplier;
  • 1,500 businesses, known as the Kaseya hack.

Their 2022 exploits have included going after Oil India with a ransom demand of $7.5 million.

The attack followed the gang’s standard approach of stealing data and then encrypting the data left at the company, known as double extortion.

3.) BlackCat

This ransomware gang is pretty fresh on the scene, first being recognized as a threat in 2021.

What sets this group apart is their use of the Rust programming language. Rust is known as a very secure language, and few organizations have defenses against BlackCat attacks.

Another marker that makes BlackCat a big threat is their quadruple attack strategy. To get their targets to pay up, they work on:

  • Data theft;
  • Data encryption;
  • Denial of service;
  • And harassment.

One of their famous attacks of 2022 was against the Austrian federal state of Carinthia, where they demanded a ransom of $5 million.

They were also able to get into a US Department of Defense contractor, NJVC.

4.) Conti

Conti has been an infamous ransomware gang since 2018, even running its own website where it regularly published the data it leaked.

What makes Conti such a threat is their willingness to go after public infrastructure, including a notorious attack against the Costa Rican government, which led to a state of emergency being declared.

Indeed, the US State Department even called the technology the gang uses “the costliest strain of ransomware ever documented”, with $150 billion paid out.

No wonder there is a $10 million bounty for information about Conti’s leaders. 

While rumors that Conti has disbanded began in the middle of 2022 when their website and chat feature got taken down, it’s also said that they have reorganized as smaller groupings. 

5.) Darkside

Known for their phishing attacks and brute force techniques to infiltrate networks, Darkside were behind one of the biggest hacks of 2021.

They got the old login credentials of a former employee and were able to disrupt gas supplies across the Eastern USA when they hacked Colonial Pipeline.

Security analysts can’t decide where the leadership is based – they could be anywhere between Iran, Russia, and Poland, or the gang could even be a franchise model.

Wherever they are, they haven’t struck out in quite the same way since Colonial – but the repercussions have been felt far into 2022. 

6.) Hive

At the same time that Conti was going after the Costa Rican government in May 2022, Hive also went in and attacked the Social Security Fund of the country. 

The group is known for the very real effects of their hacks.

They tend to go after public infrastructure and have attacked hospitals, delaying access to healthcare for patients on the ground.

For example, a Louisiana hospital had 270,000 patient records leaked in a December 2022 hack.

7.) Lapsus$

Lapsus$ operate through a dedicated Telegram channel rather than a website and have done so since they started ransomware operations in December 2021.

In the channel, members are invited to vote on who the group targets next.

What sets Lapsus$ apart is that they don’t actually use traditional ransomware. Rather, they simply extort and destroy data if money isn’t handed over.

The first target of this tactic was the Brazilian Ministry of Health, and they’ve since gone on to hit Uber, Microsoft, and Nvidia in 2022.

A group of teenagers was arrested in the UK in March 2022, but that hasn’t stopped the group’s hacking. 

Protect Yourself From Hackers And Ransomware

These prolific ransomware gangs might be going for the big fish and demanding millions of dollars to reverse their harm, but it’s not just mega-corporations that need to be wary. 

As we saw with Conti’s attack on Colonial Pipeline and the bounties being offered by LockBit, anyone can be fair game.

You need to keep your personal data safe to protect yourself, your business or employer, and your community. 

To do that, you can follow these simple steps:

1.) Keep Your Software Updated

Install updates on your phone, tablet, and computer as soon as possible to make sure you have recent security patches.

2.) Download A VPN

Especially when using public internet connections, you need to protect the flow of data between your device and the internet.

3.) Be Skeptical

Emails that you weren’t expecting, or that offer too-good-to-be-true deals, are likely from hackers looking to harvest your personal details.

4.) Beef Up Security

Two-factor authentication protects you and your data by requiring a code from an SMS, email, or app before a login is authorized.

The Worst Ransomware Gangs

Ransomware has become a major industry, with Ransomware-as-a-Service technology making it easier for criminals to get into and damage corporate data.

These gangs look for vulnerabilities everywhere, so you need to keep yourself and your devices safe and protected.
