Stormous ransomware emerged amid tensions between Russia and Ukraine. As the invasion of Ukraine began, Stormous took a pro-Russia stance. Along with the Conti ransomware, which have been at the forefront of cyberattacks against countries that are opposed to Russia. This conflict has shown the advancement of modern warfare that goes far beyond war power. In the face of threats made by Conti

Chaos Ransomware has been active since June 2021, it is a .NET variant of RYUK Ransomware. It is being offered for testing on underground forums. Chaos has evolved quite a bit since its first appearance, at first it was much more of a destructive Trojan than a ransomware. But now, in its current version it acts like ransomware, which aims to

The Sugar ransomware differs from the larger ransomware gangs and focuses its attacks on individual computers of ordinary users and small businesses. The group emerged in November 2021, it is not very clear why the group chose to do small attacks, but the fact that these computers are easier to hack and do not draw as much attention from authorities, may

Stepik ransomware is highly dangerous, its attacks have produced damage around the world. Stepik uses strong AES and RSA encryption. The files encrypted by it can only be accessed with the matrix decryption key, which is kept by the groups on a remote server, for each attack there is a specific key. The main means of attacks used by the group

The LolKek ransomware is a variant of BitRansomware, a family that used the RaaS (Ransomware as a Service) tactic. The RaaS tactic consists of selling the malware to agents outside the group that developed the ransomware, the ransomware is offered on dark web forums and interested parties can make the purchase. The group has a stake in the ransom amount paid

Banta ransomware is part of the Phobos ransomware family, which has been responsible for numerous attacks over the years. Banta is developed in .NET language and uses AES encryption. Banta acts as a Trojan horse to break into the victim’s system, the file is downloaded through emails, pirate download sites and others. The file, apparently, looks normal, but the ransomware is

Maoloa ransomware apparently appears to be a member of the GlobeImposter ransomware family. But it is not confirmed if Maoloa is in fact part of the GlobeImposter family. But in a deeper look at the malware, it appears to be a variation of the Russian Scarab ransomware. The first appearance of the group was in 2019, the group was offering its malware on

MKP ransomware is a variant of the Makop ransomware, which like other ransomware has strived to create a family/cartel. MKP has already emerged with all the structure that Makop built with its attacks, this completely changes the shape and potential of a newly created group. MKP ransomware uses two main ways to break into the victim’s system, which are spam email and

DJVU ransomware, also known as STOP, has elevated its attacks since early 2022. It first appeared in 2018 and since then there have been more than 370 variations of the malware. STOP/DJVU uses RSA encryption, which is one of the most commonly used by ransomware groups, the group’s main focus is Windows operating systems. Because there are so many variations of

ROGER ransomware is part of the Dharma ransomware family, which has been responsible for numerous attacks around the world in recent years, causing thousands of dollars in damage to the companies attacked. There have been more and more groups structured this way, this type of structure brings weight to the name of the group members. ROGER has emerged as a member