The Everest ransomware emerged in the second half of 2018, making attacks on several companies and large organizations, one example was the attack on the Brazilian government, more specifically on the national treasury and also on a network of the Attorney General of the National Treasury, these attacks were carried out in August 2021. The Everest ransomware is part of

FiveHands Ransomware, also known as Hello Kitty ransomware, was discovered by CISA (Cybersecurity and Infrastructure Security Agency), a U.S. agency focused on cybersecurity, and its attacks have been going on since May 2020. The group uses the double extortion method, which in addition to blocking the files also threatens to leak them, this tactic is used to pressure the victim

Alpha Ransomware first appeared in July 2016, since then it has been active. The group performs attacks and breaks into systems with a similar method as other ransomware, but it has something different, after breaking into the system the first thing it does is create an automatic execution called Microsoft, and with this execution even if the victim shuts down or

The Spook ransomware is a derivation of the Prometheus ransomware, which in turn is a derivation of the Thanos ransomware. This is a good example of how some ransomware groups act. Constant attacks can bring unwanted attention from authorities to the group. When this happens, the group’s activities are shut down, and after some time the same tactics used by

The Clop ransomware emerged in mid-February 2019. Six members of the group were arrested in June 2021 in Ukraine following an investigation by International police (from Ukraine, the United States and South Korea), but the group is still active. The group was responsible for many attacks on large companies, and caused an estimated $500 million in damages. The attacks were

Haron ransomware is relatively new, along with Blackmatter ransomware and AvosLocker it has been vying for the spot left by REvil Sodinokibi and Darkside and especially Avaddon ransomware which seems to be Haron’s direct predecessor. The Haron group follows a “good manners” norm, they restrict attacks to specific sectors such as: Hospitals. Critical infrastructure facilities (nuclear power plants, power plants, water treatment facilities).

Avos Locker ransomware comes as a response to the “retirement” of larger groups that were prominent with successful attacks around the world such as REvil Sodinokibi and Darkside. But it is not alone, Blackmatter ransomware is also in contention for that space. The Avos Locker ransomware emerged in late June 2021, the group has adopted the RaaS (Ransomware as a service) tactic which is the outsourcing

Ragnar Locker Ransomware acts differently from other ransomware, because in addition to invading the system and encrypting the data, it also shuts down installed programs that could cause you some risk (such as software updaters and anti-malware) and that can somehow fight the ransomware attack and stop its system invasion. This Ransomware emerged in late 2019, and like many other

RansomEXX is part of the group that has been most active recently, this group consists of Defray 777 and Ransom X ransomware. Together, they are responsible for hundreds of attacks worldwide. RansomEXX was developed to attack Windows operating systems, but over time it has been updated and can also attack Linux operating systems, although Linux encryption is not as effective