Report an IncidentTalk to Sales
managed security image

Five Prominent Ransomware Groups you should be aware of

September 6, 2022 | by Manish Chasta

1. Pandora

Pandora was able to effectively target certain high-profile victims around March 2022, including Denso Corporation, which is the world's second largest automotive parts supplier. This brought Pandora to the attention of the public.

Typically, Pandora infects and encrypts a file, leaving behind a letter encouraging the victim to contact them for the decryption key. Researchers refer to Pandora's strategy as "double extortion" - a technique in which the threat actor infiltrates and encrypts the victim's important data, giving the decryption key only after receiving the ransom.

As the Tactics, Techniques, and Procedures (TTPs) of Pandora and Rook ransomware are quite similar, many experts assume that Pandora is a rebranded version of Rook.

It's common for ransomware gangs to rebrand or come up with new names when they're the subject of too much investigation. That might explain why, if at all, Rook changed its name to Pandora.

2. BlackCat Ransomware

BlackCat is now generally recognised as a rising danger and a prime illustration of the Ransomware-as-a-Service pandemic (RaaS).

In addition, BlackCat is one of the few ransomware families built in the current programming language 'Rust.' Its helps it avoid detection, especially by more traditional security systems that are still learning how to interpret this language.

In 2022, BlackCat has already made quite a splash. The Moncler ransomware assault was one of the most high-profile cases of BlackCat ransomware. The ransomware organisation released the company's data in January of this year after it failed to pay the $3 million extortion.

According to an alleged BlackCat assault in February 2022, Oiltanking and Mabanaft were badly damaged. In total, 233 German gas stations were impacted by the attack on the systems of two sibling businesses. Internal reports from the Federal Office for Information Security (BSI) stated that BlackCat ransomware was responsible for the assault.

3. LockBit Ransomware

LockBit is a very harmful malware that detects susceptible targets, infects them, and encrypts data on all network platforms. LockBit is often used for highly focused assaults on larger corporations and government institutions, rather than on individuals.

LockBit was identified as the ".abcd virus" in 2019 because of the file extension it utilised when encrypting a victim's files.

LockBit has successfully launched notable assaults against French electronics conglomerate Thales Group, the French Ministry of Justice, and American tyre maker Bridgestone in 2022 alone.

4. Lapsus$

A ransomware gang known as Lapsus$, led allegedly by a youngster, is suspected of being behind a number of recent high-profile assaults. According to the ransomware gang, Nvidia, Ubisoft, and Samsung are just a few of the companies that have been targeted.

Recently, it came to light for getting access to the source code of Microsoft products Bing and Cortana by hacking into Okta's internal network.

Okta services are used by a large number of businesses and individuals throughout the world, therefore the impact of this breach and the possible consequences were enormous. After hacking into the organisation and gaining access to client data, the ransomware gang released a series of pictures to illustrate that it could change passwords as well as obtain access to administrative panels.

An estimated 40 gigabytes of data belonging to Microsoft has been released by the ransomware organisation in this particular attack on the IT giant. Confidentiality of the code is not Microsoft's primary method of reducing risk, and it has certified that no client data or code has been compromised.

Experts like to call Lapsus$ extortionists since their assaults entail data theft and threats to release information if ransom payments are not paid, according to researchers.

5. Vice Society

Vice Society is a group of ransomware that encrypts victims' files and won't let them decrypt until the ransom is paid. In 2022, Vice Society has been going after a lot of schools and government buildings.

After attacking Missouri School, the group leaked sensitive information, like the Social Security numbers of its employees, because the school didn't pay a good enough ransom.

Personal information about students and teachers at the Durham Johnston school in the UK was also leaked in the same way because the school could not pay a ransom.

Vice Society's list of victims now includes the Italian city of Palermo. Because of this attack, all internet-based services in the city had to be shut down to stop the damage from getting worse.


When it comes to knowledge of ransomware groups, this list just touches the surface; nonetheless, it does reaffirm the fact that these groups are rising in number and complexity with every passing minute. On top of this, the proliferation of ransomware-as-a-service means that anyone with even fundamental computer abilities may download an attack kit from the internet and launch it against your company.

Even while we are in no way trying to instil panic with this concept, it is essential that we bring attention to the critical urgency with which organisations must increase their ransomware preparedness. To begin, making an investment in a ransomware readiness assessment is an excellent approach to obtain an accurate view of where you truly are in terms of being prepared technologically and in terms of having the necessary training.

In addition, we provide a number of ready-to-use products and assets, such as a Ransomware Readiness Checklist that covers 9 essential elements and may be used by you right away to enhance your level of readiness. Incident Response Framework and Quick Guide for the first responder are very useful assets and reference material when you are under attack.

Today, personnel training in how to respond to ransomware attacks should also be a high concern. As can be seen from the instances presented previously, there is a significant likelihood that the security of your company or organisation may be breached.

In light of these recent occurrences, it is essential that both your IT staff and your Incident Response team be familiar with how to respond appropriately and limit the harm caused by cybercriminals when they launch an attack. Our Ransomware Response Checklist, Quick Guide for First Responder and Incident Response Framework and Guidelines are helpful materials that may be downloaded and printed for quick memory in times of panic and to become better prepared to cope with a ransomware attack. All of these can be found on our website.

Manish Chasta
16+ Years of Experience in delivering business value and optimal cyber security Solutions in high growth corporate environments across all verticals.
Report an Incident
Report an Incident - Blog
Ask Experts
Our team of expert is available 24x7 to help any organization experiencing an active breach.

More Topic

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram