All kinds of computer malware are dangerous to your privacy and security, with ransomware being a particularly nasty kind of software. Ransomware has been used to steal billions of dollars, so it's no surprise that ransomware gangs have since formed to profit from this cruel industry.

So, what exactly is a ransomware gang, how dangerous are they, and which are the most prevalent today? Let's find out below.

What Is Ransomware?

binary code behind falling dollar bills

Before we discuss ransomware gangs, let's quickly run over what exactly ransomware is.

As the name suggests, ransomware is a kind of software used to hold a victim's important information for ransom. It falls under the umbrella of malware, which is essentially any software that can be used maliciously. Attackers do this by encrypting data and holding it hostage, demanding payment for returning it in its unencrypted form. This is also known as a form of cyber-extortion.

Ransomware is often used to threaten large organizations rather than lone individuals, as this poses more of a widespread threat and can usually garner a higher ransom amount. Hospitals are a particularly common target for these kinds of attackers.

In the process of ransomware, hackers tend to use asymmetric encryption, which requires a pair of keys to decrypt the data. One of these keys is private, and the other public. The attacker will only provide the private key to the victim once they pay the ransom.

While there are many different kinds of ransomware used in different scenarios, this kind of malware is now being used more and more commonly to squeeze money out of both individuals and organizations. With this comes the rise of ransomware gangs, which pose a massive threat to users within the digital space.

What Are Ransomware Gangs?

binary code with shadows behind

Ransomware gangs are groups of individuals that work together to carry out ransomware attacks. They often consist of complex networks of numerous cybercriminals with the power to steal tens or hundreds of millions of dollars every year.

But these gangs are by no means unsophisticated. In fact, ransomware gangs now operate professionally, employing staff for various roles within their organizations, such as research and development. A particularly crucial kind of employee within these criminal organizations are coders, which create the code for ransomware.

Surprisingly, a lot of these ransomware gangs even have their own human resources departments! Many want to be recognized as legitimate businesses, though their activities make this difficult. To promote themselves throughout the digital space, these gangs often give themselves names so that their activities can be attributed back to them.

Because the ransomware industry is becoming so profitable, governments around the world are trying to crack down on these kinds of crimes. The US government has even equated ransomware to digital terrorism and is offering huge bounties to more efficiently track down the individuals and gangs that make millions by holding data hostage.

While there are numerous ransomware gangs in operation today, a certain few are known to be particularly prominent in their field.

The Biggest Ransomware Gangs

two hackers

Below, we've listed three of the biggest and most successful ransomware gangs out there today, along with the attacks they've carried out in recent years.

1. Conti/Wizard Spider

The Conti or Wizard Spider cybercrime gang is a Russian group that is estimated to have around 80 members. Since its first reported activities in 2018, the group has stolen hundreds of millions of dollars via ransomware attacks.

Surprisingly, it is suspected that the Russian state allows the existence of this gang and others, as long as they do not target Russian individuals or organizations and specifically focus on attacking victims in the West.

As is typical for this kind of gang, Conti has attacked healthcare organizations multiple times before. The group carried out a particularly severe attack on HSE, a British government agency that aims to protect the safety and welfare of individuals in their workplace. In this attack, Conti targeted the healthcare system of Northern Ireland, wherein they demanded a huge ransom after using a malicious email attachment to gain access to it.

A number of different investigatory bodies have gone after the Conti gang, including the FBI, Interpol, and the National Crime Agency. So, it's safe to say that they're on the map of major digital threats around the world.

2. DarkSide

DarkSide is a ransomware gang believed to be based in Eastern Europe and first rose to notoriety in 2020. The group is thought to have carried out almost 60 cyber extortion attacks over the past few years and is most likely behind the Colonial Pipeline cyberattack.

This involved the attack of an American oil system, wherein the oil supply to the east coast of the US was disrupted after over 100GB of important data was stolen. A hefty ransom of $5 million was eventually paid to DarkSide to stop this attack in its tracks.

Surprisingly, DarkSide is known to operate ethically. But of course, it's hard to imagine this being the case when the group carries out ransomware attacks.

The organization also offers ransomware services to users, who they screen via an interview before allowing them to access this software. These users are known as subscribers who make up a considerable part of DarkSide's business model.

3. Egregor

Since its initial string of attacks in 2020, Egregor has managed to infiltrate over 70 different organizations. Industry experts believe that the key members of the now-disbanded criminal group Maze have now reconvened as Egregor. Maze was shut down in 2020 after its core collaborators its master decryption keys and destroyed most of its ransomware code.

In October 2021, Egregor managed to corner Barnes & Noble, Crytek, and Ubisoft, claiming to gain access to crucial financial information and source codes for some of the companies' upcoming games. But whether or not Egregor successfully carried out these two crimes were never confirmed. In any case, it is safe to say Egregor has made its name in the cyber-extortion industry.

However, in Spring 2021, a number of suspected Egregor operatives were arrested in Ukraine by both French and Ukrainian authorities. So, operating within these gangs is certainly not without risk, and multiple crackdowns on numerous groups in the past have resulted in several arrests or shutdowns.

Ransomware Gangs Are a Particular Threat to Large-Scale Organizations

Of course, ransomware can be used to steal information from anyone, but these groups can gain huge pay-offs by attacking larger organizations with a lot more to lose. This is why we so often see ransomware gangs targeting such parties.

However, this does not mean that you are entirely safe from these attacks. Smaller ransomware attackers can certainly target sole victims, so it pays to protect yourself as much as possible when you're online.