Ransomware groups are cybercriminal organizations specialized in deploying malware that encrypts victims’ data, making this information inaccessible. Once the data has been encrypted, these groups typically demand a ransom, often paid in cryptocurrency, in exchange for the decryption key enabling victims to recover their data. These attacks can target individuals, businesses, government institutions or critical infrastructures, causing major disruption and considerable financial loss.
Over the years, several ransomware groups have emerged and gained notoriety for their large-scale attacks and exorbitant ransom demands. These groups use sophisticated techniques, exploit vulnerabilities and constantly adapt their methods to evade detection and maximize their profits. In addition to encrypting data, some also threaten to divulge sensitive information if they don’t receive payment, adding an extra dimension of blackmail to their operations.
For security reasons, we voluntarily limit the disclosure of detailed information about our specific tools. Our cyber watch unit constantly monitors the activity of ransomware groups.
LockBit made its debut in 2019. It primarily targets large organizations and uses military-grade encryption technology to hold organizations' IT systems hostage.
The digital enemy to watch closely in 2023... BlackCat ransomware, also known as Alphv ransomware, is considered to be one of the most sophisticated types of malware.
Pysa ransomware has emerged as a major threat in the cyberthreat landscape. It was first reported by the Federal Bureau of Investigation (FBI) due to its increased activity and high impact.
The Monti ransomware stands out for its targeted cyberattacks and sophisticated infiltration strategy. Although still relatively new, it has already inflicted considerable damage on several organizations.
The Hive ransomware was a ransomware-as-a-service (RaaS) operation run by the eponymous cybercriminal organization between June 2021 and January 2023. Its main target was public institutions.
Browse our knowledge base. We have compiled the available data on the following Ransomware strains
First identified in February 2025, the Kraken group quickly distinguished itself in the cybercriminal ecosystem through its sophisticated technical approach. Stemming from the ashes of
Launched in August 2025, the Scattered LAPSUS$ Hunters (SLSH) collective has rapidly established itself as one of the most formidable threats on today’s cybercriminal landscape.
Michelin, Mazda, Canon, Logitech, Harvard University… A hundred international organizations have just discovered that their most sensitive data has been exfiltrated for months. Behind this
First appearing in October 2025, Genesis has rapidly established itself as a formidable new player in the ransomware landscape. This emerging cybercriminal group has caught
Attackers from the Qilin group have taken their operations to a new level of sophistication by deploying a Linux variant of their ransomware directly on
September 5, 2025 marks the appearance of Yurei, a new ransomware group whose name evokes the spirits of Japanese folklore. This emergence illustrates a worrying
A new strain of ransomware dubbed HybridPetya was revealed by ESET Research researchers in September 2025. This sophisticated malware represents a worrying fusion between the
Despite the historic dismantling carried out by Operation Cronos in February 2024, the LockBit cybercrime group has resurfaced with version 5.0, featuring significant technical improvements
Since the end of 2023, KillSec has been gradually establishing itself in the global cybercrime ecosystem, perfectly illustrating the modern transformation of hacktivist groups towards
The Gentlemen, the new ransomware that appeared in the summer of 2025, didn’t wait long to make its presence felt, attracting all the attention of
Since July 2024, Lynx ransomware has established itself as one of the most sophisticated threats in the global cybercriminal ecosystem. Born of the rebranding of
On August 26, 2025,ESET researchers announced a significant discovery: PromptLock, the first known ransomware to use artificial intelligence to generate its malicious scripts in real
