Ransomware groups are cybercriminal organizations specialized in deploying malware that encrypts victims’ data, making this information inaccessible. Once the data has been encrypted, these groups typically demand a ransom, often paid in cryptocurrency, in exchange for the decryption key enabling victims to recover their data. These attacks can target individuals, businesses, government institutions or critical infrastructures, causing major disruption and considerable financial loss.
Over the years, several ransomware groups have emerged and gained notoriety for their large-scale attacks and exorbitant ransom demands. These groups use sophisticated techniques, exploit vulnerabilities and constantly adapt their methods to evade detection and maximize their profits. In addition to encrypting data, some also threaten to divulge sensitive information if they don’t receive payment, adding an extra dimension of blackmail to their operations.
For security reasons, we voluntarily limit the disclosure of detailed information about our specific tools. Our cyber watch unit constantly monitors the activity of ransomware groups.
LockBit made its debut in 2019. It primarily targets large organizations and uses military-grade encryption technology to hold organizations' IT systems hostage.
The digital enemy to watch closely in 2023... BlackCat ransomware, also known as Alphv ransomware, is considered to be one of the most sophisticated types of malware.
Pysa ransomware has emerged as a major threat in the cyberthreat landscape. It was first reported by the Federal Bureau of Investigation (FBI) due to its increased activity and high impact.
The Monti ransomware stands out for its targeted cyberattacks and sophisticated infiltration strategy. Although still relatively new, it has already inflicted considerable damage on several organizations.
The Hive ransomware was a ransomware-as-a-service (RaaS) operation run by the eponymous cybercriminal organization between June 2021 and January 2023. Its main target was public institutions.
Browse our knowledge base. We have compiled the available data on the following Ransomware strains
A new strain of ransomware dubbed HybridPetya was revealed by ESET Research researchers in September 2025. This sophisticated malware represents a worrying fusion between the
Despite the historic dismantling carried out by Operation Cronos in February 2024, the LockBit cybercrime group has resurfaced with version 5.0, featuring significant technical improvements
Since the end of 2023, KillSec has been gradually establishing itself in the global cybercrime ecosystem, perfectly illustrating the modern transformation of hacktivist groups towards
The Gentlemen, the new ransomware that appeared in the summer of 2025, didn’t wait long to make its presence felt, attracting all the attention of
Since July 2024, Lynx ransomware has established itself as one of the most sophisticated threats in the global cybercriminal ecosystem. Born of the rebranding of
On August 26, 2025,ESET researchers announced a significant discovery: PromptLock, the first known ransomware to use artificial intelligence to generate its malicious scripts in real
In just a few months, DragonForce has established itself as one of the most feared ransomware groups of 2025. Behind this name lies a cybercriminal
Since August 2023, INC Ransom has established itself as a major cybercriminal player in the international IT security arena. Specializing in double extortion, this group
Imagine ransomware that no longer encrypts your data, but terrorizes you just the same. This is the reality of Worldleaks, the criminal group revolutionizing digital
The ransomware landscape has been marked by the meteoric emergence ofa particularly formidable new player: the Interlock group. First appearing in September 2024, this criminal
The current ransomware landscape continues to evolve, with new and increasingly sophisticated ransomware emerging regularly. Among the most recent players to hit the cybersecurity scene,
The cybercriminal landscape of 2025 is undergoing a major evolution with the striking emergence of Safepay. Safepay is a ransomware group that has established itself
