October 26, 2022

With ransomware attacks becoming one of the most dangerous cyber threats in the world, Tech Republic has identified four of the most dangerous and destructive ransomware groups of 2022.

ALPHV, also known as BlackCat, is at the top of the list. It specializes in ransomware-as-a-service, where it delivers the malware and infrastructure to partners who then carry out the actual attacks. ALPHV is allegedly associated with the BlackMatter/DarkSide group, which was responsible for the infamous ransomware attack on the Colonial Pipeline in 2021.

The second, Black Basta, is a Ransomware-as-a-Service (RaaS) group consisting of former Conti and REvil ransomware gang members with whom it shares tactics, techniques and procedures. It increasingly infiltrates organizations by exploiting unpatched security flaws and publicly available source code. It also frequently employs double extortion tactics and threatens to disclose the stolen data publicly if the ransom is not paid. DDoS attacks are also used by the group to induce their victims to pay the ransom.

Hive, the third focuses on the industrial sector, academic and educational services, science and healthcare companies, as well as energy, resource, and agriculture companies. It reportedly hires penetration testers, access brokers, and threat actors to encrypt hundreds of megabytes to more than four gigabytes of data per minute.

The fourth is the LockBit 3.0 ransomware. Allegedly, it contained an updated data leak blog, a bug bounty program and new ransomware features. It prefers low-profile attacks and tries to avoid making headlines. The TTPs and software of the gang are constantly evolving and adapting. LockBit also employs a proprietary information stealer known as StealBit, a file grabber, which clones files from the network of the victim quickly into a LockBit-controlled infrastructure.

The sources for this piece include an article in TechRepublic.