
Holding The World To Ransom: Top 5 Online Gangs

Source: Adobe/Furkan

Roberto Musotto, Research fellow, Edith Cowan University, Brianna O’Shea, Lecturer, Ethical Hacking and Defense, Edith Cowan University, and Paul Haskell-Dowland, Associate Dean (Computing and Security), Edith Cowan University.

On the internet, nobody knows you’re a dog!

These words from Peter Steiner’s famous cartoon could easily be applied to the recent ransomware attack on Florida-based software provider Kaseya.

Kaseya provides software services to thousands of clients around the world. It’s estimated that between 800 and 1,500 small to medium-sized businesses may be impacted by the attack, with the hackers demanding USD 50m (lower than the previously reported USD 70m) in exchange for restoring access to data being held for ransom.

The global ransomware attack has been labelled the largest on record. Russian cybercriminal organisation REvil is the alleged culprit.

Despite its notoriety, no one really knows what REvil is, what it’s capable of or why it does what it does, aside from the immediate profit of huge sums of money. Also, ransomware attacks often involve vast distributed networks, so it’s not even certain the individuals involved would know each other.

Ransomware attacks are growing exponentially in size and ransom demand, changing the way we operate online. Understanding who these groups are and what they want is critical to taking them down.

Here, we list the top five most dangerous criminal organisations currently online. As far as we know, these rogue groups aren’t backed or sponsored by any state.


DarkSide

DarkSide is the group behind the Colonial Pipeline ransomware attack in May, which shut down the US Colonial Pipeline’s fuel distribution network, triggering gasoline shortage concerns.

The group seemingly first emerged in August last year. It targets large companies that will suffer from any disruption to their services, a key factor, as they’re then more likely to pay ransom. Such companies are also more likely to have cyber insurance which, for criminals, means easy moneymaking.

DarkSide’s business model is to offer a ransomware service. In other words, it carries out ransomware attacks on behalf of other, hidden perpetrator/s so they can reduce their liability. The executor and perpetrator then share profits.

Groups that offer cybercrime-as-a-service also provide online forum communications to support others who may want to improve their cybercrime skills.

This might involve teaching someone how to combine distributed denial-of-service (DDoS) and ransomware attacks, to put extra pressure on negotiations. The ransomware would prevent a business from working on past and current orders, while a DDoS attack would block any new orders.


REvil

The ransomware-as-a-service group REvil is currently making headlines due to the ongoing Kaseya incident, as well as another recent attack on global meat processing company JBS. This group has been particularly active in 2020-2021.

REvil’s HappyBlog page showing US$70m ransom demand.
Author supplied

In April, REvil stole technical data on unreleased Apple products from Quanta Computer, a Taiwanese company that assembles Apple laptops. A ransom of USD 50m was demanded to prevent public release of the stolen data. It hasn’t been revealed whether or not this money was paid.


Clop

The ransomware Clop was created in 2019 by a financially motivated group responsible for yielding half a billion US dollars.

The Clop group’s speciality is “double-extortion”. This involves targeting organisations for ransom money in exchange for a decryption key that will restore the organisation’s access to stolen data. However, targets will then have to pay extra ransom to not have the data released publicly.

Historical examples reveal that organisations which pay a ransom once are more likely to pay again in the future. So hackers will tend to target the same organisations again and again, asking for more money each time.

ClopLeaks website showing directly downloadable ransom files.
Author supplied

Syrian Electronic Army

Far from a typical cybercrime gang, the Syrian Electronic Army has been launching online attacks since 2011 to promote political propaganda. With this motive, they’ve been dubbed a hacktivist group.

While the group has links with Bashar al-Assad’s regime, it’s more likely made up of online vigilantes trying to be media auxiliaries for the Syrian army.

Their technique is to distribute fake news through reputable sources. In 2013, a single tweet sent by them from the official account of the Associated Press, the world’s leading news agency, had the effect of wiping billions from the stock market.

The fake AP tweet from the Syrian Electronic Army.

The Syrian Electronic Army exploits the fact that most people online tend to interpret and react to content with an implicit sense of trust. And they’re a prime example of how the boundaries between crime and terror groups online are less distinct than in the physical world.


FIN7

If this list could contain a “super villain”, it would be FIN7. Another Russian-based group, FIN7 is arguably the most successful online criminal organisation of all time. Operating since 2012, it mainly works as a business.

Many of its operations have been undetected for years. Its data breaches have exploited cross-attack scenarios, whereby the data breach serves multiple purposes. For example, it might enable extortion through ransom while also allowing the attacker to use data against victims, such as by reselling it to a third party.

In early 2017, FIN7 was alleged to be behind an attack targeting companies providing filings to the US Securities and Exchange Commission. This confidential information was exploited and used to obtain ransom which was then invested on the stock exchange.

As such, the groups made huge sums of money by trading on confidential information. The insider trading scheme facilitated by hacking went on for many years, which is why it’s not possible to quantify the exact amount of economic damage. But it’s estimated to be well over USD 1bn.

Organised crime vs organised criminals

When it comes to complex criminal organisations, techniques evolve and motives vary.

The way they organise themselves and commit crimes online is very different from your local offline gang. Ransomware can be launched from anywhere in the world, so it’s very difficult to prosecute these criminals. Matters are made even more complicated when multiple parties coordinate across borders.

It’s no wonder the challenge for law enforcement agencies is significant. It’s crucial that authorities investigating an attack are sure it was indeed perpetrated by who they suspect. But to know this, they need all the help they can get.


This article is republished from The Conversation under a Creative Commons license. Read the original article.

