Ranzy Locker ransomware has placed itself among major cybercriminal groups, it is a spin-off of the AKO and ThunderX ransomware. The FBI released a flash alert with information about the group and its high dangerousness. Ranzy Locker first appeared in 2020, and that same year the FBI recorded attacks on more than thirty companies in critical manufacturing, government academic, facilities,

DoppelPaymer ransomware is one of the old groups that remains on the world stage to this day, time has not taken away from the group’s thirst and commitment to making attacks. The amount of ransom demanded by the group is around $25,000 to $1.2 million. The main means of invasion used by the group are malicious spam email campaigns, one

The Lockean ransomware is the newest group in the “big game hunting” which is the open hunting of large corporations.The first record of the ransomware was made yesterday (03/10/2021), but not that it was the first record of activity from the group. There are indications that they have already been allied with large groups that have done numerous attacks around

After a short break Zeppelin ransomware is back in business, with its updated system it appears as a big one in the “Big Game Hunting“. He is part of the Vagas Locker family of ransomware, which include Jamper, Storm (or Buran). Zeppelin’s first detection was in November 2019. Like the vast majority of ransomware, Zeppelin uses the RaaS (Ransomware as a

The Everest ransomware emerged in the second half of 2018, making attacks on several companies and large organisations, one example was the attack on the Brazilian government, more specifically on the national treasury and also on a network of the Attorney General of the National Treasury, these attacks were carried out in August 2021. The Everest ransomware is part of

FiveHands ransomware, also known as Hello Kitty ransomware, was discovered by CISA (Cybersecurity and Infrastructure Security Agency), the US cybersecurity agency, and has been under attack since May 2020. The group uses the double extortion method, which in addition to blocking the files also threatens to leak them, this tactic is used to pressure the victim to pay the ransom

Alpha Ransomware first appeared in July 2016, since then it has been active. The group performs attacks and invades systems with a similar method to other ransomware, but has something different, after invading the system the first thing done is to create an automatic execution called Microsoft, and with this execution even if the victim turns off or restarts the computer

The Spook ransomware is a derivative of the Prometheus ransomware, which in turn is a derivative of the Thanos ransomware. This is a good example of how some ransomware groups act. Constant attacks can bring unwanted attention from authorities to the group. When this happens, the group’s activities are shut down and, after some time, the same tactics used by the group

The Clop ransomware emerged in mid-February 2019. Six members of the group were arrested in June 2021 in Ukraine following an investigation by International police (from Ukraine, the United States and South Korea), but the group is still active. The group was responsible for many attacks on large companies, and caused an estimated $500 million in damage. The attacks were

Haron ransomware is relatively new, along with Blackmatter ransomware and AvosLocker it has been vying for the spot left by REvil Sodinokibi and Darkside and especially Evaddon ransomware which appears to be Haron’s direct predecessor. The Haron group follows a “good manners” norm, they restrict attacks to specific sectors such as: Hospitals; Critical infrastructure facilities (nuclear plants, power plants, water treatment facilities); Oil and