The Most Dangerous Cybergangs and Their Weapons

Cybercriminals are dangerous even individually. When they combine their efforts in a cybergang, not even government facilities are safe. And big players are not the only ones in danger: you might also become a target if you own a business or startup. Here is what you should know about ransomware attacks and how to bolster your cybersecurity to avoid their devastating consequences.

ALPHV/Blackcat Cybergang

The ALPHV, Blackcat, or Noberus cybergang first appeared in November 2021. They are known for operating on the RaaS (ransomware-as-a-service) model, letting other criminals use their highly dangerous Blackcat malware. Sometimes they also launch DDoS (distributed denial-of-service) attacks to disrupt infrastructure and demand payments.

Those who opt for Blackcat’s service target various organizations and pay a percentage of the ransom payments to the criminal group. They deploy malware that steals sensitive data from the victim and demand cryptocurrency payments in exchange. Some notable Blackcat/ALPHV attacks include:

  • Munster Technological University Cyber Attack 2023
  • Grupo Estrategas EMM Cyber Attack 2023
  • Reddit Cyber Attack 2023
  • Change Healthcare Cyber Attack 2024
  • Hong Kong’s Consumer Council 2024

The cybercriminal gang, or those who employed its RaaS, has targeted over 350 entities globally since 2023.

Conti Ransomware Group & The Akira Ransomware

Akira ransomware began circulating on the web in 2023. This malware belongs to the Conti ransomware group and works similarly to the Conti V2 ransomware. It targets Windows and Linux systems, most commonly through infected email attachments and other security vulnerabilities.

The cybergang’s most common targets are companies in Europe, North America, and Australia. It demands huge ransom payments to release encrypted files, restore access, or prevent the files from being leaked on the web.

Akira can bypass certain security controls and remain concealed. It often steals credentials to gain additional access to sensitive data. The malware also targets shadow copies of files to prevent data recovery. Over 250 organizations have been affected by the ransomware, which is still active in 2024. It has already claimed $42 million in ransom payments.
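The shadow-copy deletion mentioned above is one of the few concrete behaviours in this article that a defender can watch for in process-creation telemetry. The following Python is an added example, not code from the article or from any vendor: it runs a handful of command-line patterns over constructed sample events (the log format, host names and timestamps are assumptions) and lists the hosts that should be isolated first.

```python
import re
from collections import namedtuple

# Constructed sample process-creation events (not real telemetry), one per line:
# "<timestamp> <host> <parent_process> <command_line>".
SAMPLE_LOG = """\
2024-05-01T10:02:11Z WS01 explorer.exe C:\\Windows\\System32\\notepad.exe notes.txt
2024-05-01T10:03:40Z WS01 cmd.exe vssadmin.exe delete shadows /all /quiet
2024-05-01T10:03:41Z WS01 cmd.exe wmic.exe shadowcopy delete
2024-05-01T10:03:42Z WS01 powershell.exe powershell -c "Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }"
2024-05-01T10:04:00Z WS01 svchost.exe vssadmin.exe list shadows
2024-05-01T10:05:00Z WS02 cmd.exe vssadmin.exe resize shadowstorage /for=C: /on=C: /maxsize=401MB
"""

# Command-line shapes that remove or starve Volume Shadow Copies. Merely listing
# shadows (fifth line above) is routine administration and must not fire.
SHADOW_COPY_PATTERNS = [
    (re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows", re.I), "vssadmin delete shadows"),
    (re.compile(r"\bvssadmin(\.exe)?\s+resize\s+shadowstorage", re.I), "vssadmin resize shadowstorage"),
    (re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete", re.I), "wmic shadowcopy delete"),
    (re.compile(r"win32_shadowcopy.*\.delete\(\)", re.I), "WMI Win32_ShadowCopy.Delete()"),
]

Alert = namedtuple("Alert", "timestamp host parent technique command_line")


def detect_shadow_copy_tampering(log_text):
    """Return one Alert per event whose command line matches a tampering pattern."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split(" ", 3)  # timestamp, host, parent, rest of line
        if len(parts) < 4:
            continue  # malformed or truncated event: skip rather than crash
        timestamp, host, parent, command_line = parts
        for pattern, technique in SHADOW_COPY_PATTERNS:
            if pattern.search(command_line):
                alerts.append(Alert(timestamp, host, parent, technique, command_line))
                break  # one alert per event is enough
    return alerts


def hosts_needing_triage(log_text):
    """Distinct hosts with at least one hit, in first-seen order, for the isolation step."""
    seen = []
    for alert in detect_shadow_copy_tampering(log_text):
        if alert.host not in seen:
            seen.append(alert.host)
    return seen
```

Feed the same parsing to whatever exports your EDR or Sysmon process-creation events as text, and treat a hit as a reason to isolate the host before the encryption stage finishes.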

The REvil Group (Sodinokibi)

The REvil or Sodinokibi group formed in 2019 and may no longer be active. Most of its hackers operated in Russia, but in 2022 the Russian Federal Security Service announced it had dismantled the gang. Despite this, ongoing attacks are still attributed to the group.

Some of its members went on to found other cybergangs, such as Blackcat. Among their most notorious attacks are:

  • Twitter (now X) account hijacking 2020
  • Nintendo Data Leak 2020
  • United States federal government data breach 2020
  • Colonial Pipeline Ransomware Attack 2021
  • FBI email hack 2021
  • Ukraine cyberattacks 2022
  • Grand Theft Auto VI content leak 2022
  • Evide data breach 2023
  • Polish Railway Cyberattack 2023
  • XZ Utils backdoor 2024

Types of Ransomware

Different strains of malicious software work slightly differently from one another. Here are the most common types of ransomware employed by cybergangs:

Crypto Ransomware: malware that encrypts your data, preventing access. It can infiltrate systems through emails, downloads, or malicious websites.

Leakware (Doxware): malware that steals data and encrypts it to coerce businesses into paying a ransom.

Wiper Ransomware: this type of malware can corrupt or delete crucial data. Even after paying a ransom, recovering the data is often impossible. Its aim is mostly to destroy files in cyber warfare.

RaaS: ransomware-as-a-service enables any criminal to launch a cyber attack without any hacking skills. A cybergang might offer RaaS services that can be purchased online, significantly widening the pool of cyber attacks and would-be attackers.

DDoS: some cybercriminals use distributed denial-of-service ransom attacks. These attacks harass victims and force them to pay a ransom before the attacks stop. The core of DDoS lies in flooding infrastructure with Internet traffic, which is particularly disruptive to business operations.

Scareware: this type of malware is mostly harmless to data. It merely mimics other, more dangerous types of ransomware. Usually, it prompts the antivirus to react. Endless pop-ups or alerts deceive the user into thinking the issue is more serious than it is. Some give in and pay a ransom to stop the pop-ups.

Locker Ransomware: this type of ransomware does not usually encrypt files or affect them in other ways. It also mimics more dangerous ransomware variants and can be mitigated easily.

What to do After a Ransomware Attack

If your company has suffered a ransomware attack, it’s crucial to take coordinated action immediately. Determine which devices are infected, how the attack occurred, and which files are compromised.

Try to contain the attack and disconnect unaffected devices. If you didn’t back up your data before the cyberattack, you can try data recovery software or decryption tools to restore access.

Keep in mind that paying the ransom doesn’t guarantee anything. Contact the authorities or specialized cybersecurity firms to help you out. After mitigating the attack, implement an incident response plan if you didn’t already have one. Add further security measures and adjust your systems based on an analysis of how the incident occurred.

Prevention Is Better Than the Cure

Ransomware gangs have access to a vast arsenal of tools and techniques. However, you can boost your company’s cybersecurity in various ways.

For example, you can learn how to set up a VPN for remote access. It will help you and your remote workers secure online connections by encrypting their traffic. Update the operating systems and all the apps on your devices: patching known security vulnerabilities reduces the chances of a successful attack.

Train your employees to recognize cyber threats, including phishing attempts, and how to respond appropriately. Also, back up your data regularly and have a recovery.

While it’s impossible to protect yourself completely from hackers, strong cybersecurity measures serve as an effective deterrent. Always be prepared and stay informed about the latest cybercrime trends, because knowledge is your greatest weapon in the ongoing cyberwar.