Tag: Ransomware

Avos Locker Ransomware

Avos Locker ransomware emerged as a response to the “retirement” of larger groups, such as REvil Sodinokibi and Darkside, that were prominent for successful attacks around the world. But it is not alone: Blackmatter ransomware is also in contention for that space. The Avos Locker ransomware emerged in late June 2021. The group has adopted the RaaS (Ransomware as a Service) tactic, which is the outsourcing


Ransomware Ragnar Locker

Ragnar Locker ransomware behaves differently from other ransomware: in addition to invading the system and encrypting the data, it also shuts down installed programs that could pose a risk to it (such as software updaters and anti-malware) and that could fight the ransomware attack and stop its invasion of the system. This ransomware emerged


RansomEXX

RansomEXX is part of the group that has been most active recently; this group is made up of the Defray 777 and Ransom X ransomware. Together they are responsible for hundreds of attacks around the world. RansomEXX was developed to attack Windows operating systems, but over time it has been updated and can also attack Linux operating systems, although Linux encryption is not


Defray 777 Ransomware

Defray 777 ransomware is perhaps the most destructive ransomware family in recent years. This ransomware family includes extensions such as Ransom X and Ransom XXX. This group has been active since 2017, with constant attacks and a remarkable evolution in its ransomware. This was the first recorded ransomware to become hybrid, being able to attack both


Cuba Ransomware

Cuba ransomware targets the Windows operating system. It was discovered by Ravi, an American ransomware hunter. Its attacks are carried out through email campaigns. The emails contain a link to “subscribe” to a service document; the malware is delivered via this macro-loaded Word document, which contains a Hancitor payload that is downloaded and opened. Hancitor is a downloader that


LV Ransomware

LV ransomware has its code structure based on the structure of the REvil Sodinokibi ransomware, which was the tormentor of numerous companies after a wave of attacks in the United States. After those attacks, the REvil group ceased its activities because of the attention its attacks received from the US government. It is unclear whether the group passed its code


Prometheus Ransomware

The Prometheus ransomware first appeared in February 2021, and the FBI has issued an alert about it. It is a variant of the Thanos ransomware and claims to be an extension of the REvil Sodinokibi group, but there is no concrete evidence of a link between the two groups. This tactic is used by newly created groups that do not yet


HiveLeaks Ransomware

A series of attacks by the HiveLeaks ransomware has garnered attention around the world, and the FBI has issued a flash alert on attacks by this group. This extension is relatively new: their first appearance was in June 2021. They made a successful attack on Altus Group, a commercial real estate software development company. The amount requested for the ransom was


Vice Society Ransomware

The Vice Society ransomware attacks led to an update to the Windows print spooler code. The port the group used for their attacks became known as “PrintNightmare”; the Windows update aimed to close this port. This flaw was in the printing system: after failing to execute the Spooler, the hackers could access the operating system, which granted them the same


CONTI Ransomware

In May of this year, the FBI released an alert about the considerable increase in attacks carried out by the Conti ransomware. They use RaaS (Ransomware as a Service), which is a way of outsourcing the spread of this ransomware, amplifying the number of attacks exponentially. They are evolving this type of service: instead of paying just a commission
