Meet the 5 most dangerous ransomware groups of 2022

The year 2021 ended with a 54% growth in cases of ransomware — cyber scam that hijacks victim’s data and files — in relation to the previous year. In addition, criminals have increasingly acted “professionally” to succeed in intrusions. The data is from the Brazilian company ISH Tecnologia.

A new category on the rise is RaaS, ransomware as a service in English. At dark webyou hackers sell complete kits to facilitate the attack. With this, the protagonists of the invasion do not even need to be experts in cybercrime. After the kit is sold, the group that created it receives a percentage of the amount paid to redeem the data.

The company cites five gangs in the ransomware that have claimed victims in the public and private sector in recent years.


self-styled largest group hacker in the world, Conti appeared in Russia in 2021 and, according to estimates, has already extorted more than US$ 180 million (R$ 939 million). It has already reached institutions of the Costa Rican government and pressured the local population to demand that the public authorities pay to recover the data.

The ISH says that, in addition to publishing stolen data, the group offers access to the companies of victims who refused to pay the ransom for sale.


Acronym for “Proteja Seu Sistema Amigo” in English and Spanish, it has prioritized targets in Brazil, Argentina, Colombia and Mexico. The group operates a variant of the well-known ransomware Mespinoza and targets government, large and private sector organizations.

Through RaaS, the group became known for the ironic tone of the messages sent to victims. It offers three suggestions on how to proceed to recover the data, in a short questionnaire. The last of the questions is “What will I tell my boss?” and the answer, “Protect Your System, Friend”.

Conti, Hive and Clop are among the top ransomware groups today (Image: Jake Schumacher/Unsplash)

Clop (or Cl0p)

The group operates an evolution of the family of ransomware CryptoMix and has gained fame for engaging high profile organizations in various industries. In 2021, shortly after the arrest of some members in a failed attack in Ukraine, the gang went a few months without carrying out attacks. The return took place in April, when it reached at least 21 companies, operating mainly in the technology and industry sectors.


First discovered in June 2021, Hive has malware developed to encrypt Linux and FreeBSD systems. Forensics show that, once infiltrated into machines, the focus is on disabling antivirus systems so that the “path is clear”.

It operates through RaaS and often affects the hospital sector. Even in the most acute periods of the pandemic, it took down the systems of several health institutions, making it difficult to carry out exams and communication. A famous case was that of the Memorial Health System, a US organization that manages several hospitals.

LockBit 2.0

Its first registrations are from the same period as Hive and one of its hallmarks is the recruitment of new affiliates on Hive forums. deep and dark web. Its operators also claim to have the fastest encryption software of any lineage of ransomware.

The United States leads the ranking of incidents involving LockBit, followed by India and Brazil. Recently, the Secretary of Finance of Rio de Janeiro was announced by the group as one of the victims.

Leave a Comment