top of page
  • Writer's pictureechoudhury77

Top 5 Most Dangerous Ransomware Groups

Updated: Jul 2, 2021

In this age of ransomware, there are many different groups, but which among them are the most notable? Here is a small list of the groups that have been some of the most notable groups recently.

1. CL0P

Believed to first have been seen active in 2019, CL0P is believed to be a Russian speaking group that notable only targets large corporate targets, including a Fortune 500 company and a multi-billion dollar law firm. CL0P uses the now common extortion tactic of stealing sensitive files before encrypting the infected machines, then demand payment for not only decrypting the machines but to also not have the sensitive documents leaked. CL0P also has a moral statement claiming on their own deep web website.


PYSA, “Protect Your System Amigo”, group was first seen in December of 2019. PYSA is a Ransomware as a Service that has been mainly focusing on small to large businesses mainly in the healthcare industry and branches of government, but more recently they have had a focus on school districts.

3. REvil/Sodinokibi

REvil first started making an appearance in April 2019 after the fall of another group known as GandCrab. REvil targets high-valued corporate targets. REvil works in a similar way to the CL0P group where they will steal sensitive documents and threaten to auction them off if the ransom is not paid. It is estimated that the group pulls in around $100 million per year of its ransomware attacks.

4. DoppelPaymer

DoppelPaymer first started being seen in September 2020. The group's targets are organizations in healthcare, emergency services, and education. The group has also been accredited with disruptions to a community college as well as police and emergency services in a city in the US. DoppelPaymer's ransom demands also varies from victim to victim. With some of the smaller businesses that it hit it asked for $25,000 but for a larger company it demanded $1,200,000.

5. Ragnar_Locker

Ragnar_Locker is a ransomware that targets Windows computers. It was first seen in the latter half of December 2019. In their own About Us page, they go on about how they do not want to damage a business but will if they have to if the business does not pay.

Ragnar_Locker seems to mainly target large private companies.

The group will post the sensitive documents from companies they have compromised on their own "Wall of Shame."

33 views0 comments


bottom of page