Ransomware Gangs in 2023: A Deep Dive

As ransomware attacks have been on the rise over the past few years, ransomware gangs have emerged from the shadows all over the world. These gangs are serial hackers who have attacked many different organisations.

For any business, this is obviously terrifying. After all, nobody wants to go up against a hacker, let alone a team of them. That’s why educating yourself on the ransomware gangs of today and why they might commit the attacks that they do is vital.

In this article, we’re going to go over ransomware gangs and let you know about some of the most notorious ransomware gangs of 2023. We’ll also take a look at some strategies that you can use to prevent and mitigate an attack.

Ransomware Gangs: Motivations and Trends

A ransomware gang is simply a collective of criminals who coordinate and commit ransomware attacks on multiple organisations worldwide. While ransomware is the new weapon for these gangs, these kinds of cybercrime gangs have been around for a long time — using weapons such as DDoS and other attacks in the past for similar reasons.

While it can be said that all of these gangs have slightly different motives, there are a few key motivations and trends that can be attributed to some, if not all of the major gangs of 2023 —

  • Financial Gains: As with any form of extortion, the primary motivation behind most ransomware attacks is profit. Ransomware attacks primarily aim to extort money from individuals and businesses, so any gang using these attacks is very clearly after some kind of financial gain.
  • Ease of Use: Unlike other, more advanced forms of cybercrime, ransomware attacks can be bought as a kit from underground markets. This means that less technically skilled individuals can get their hands on ransomware tech with much more ease than other methods of attack.
  • Powerful Monetisation: While a ransom by itself is already a powerful form of extortion, double extortion (in which the attackers both demand a ransom and extract data to sell later on) is a powerful method of monetisation and can result in a bigger payout than other financially minded attacks.
  • Evolving Technologies: Ransomware attackers are constantly increasing their technological capabilities, and gangs that pool their efforts can find new technologies much faster than attackers working alone. This means that it’s hard to keep up with newer attacks, as they use much newer and relatively unknown technologies.
  • Politics: Some gangs are suspected of being affiliated with political or governmental figures, which means that some of these cyberattacks are acts of cyberwarfare disguised as civilian-level attacks. Due to the black market nature of these attacks, it’s hard to prove that there is an affiliation between a government and the hackers who commit the attack, which makes it a relatively risk-free way to set back political enemies.

Notorious Ransomware Gangs of 2023

Lockbit 3.0

Probably one of the most infamous ransomware groups out there, Lockbit 3.0 also sells its attacks as a ransomware-as-a-service (RaaS) package. It is the largest attacker worldwide: its attacks make up 39% of all ransomware attacks between October 2022 and May 2023.

Their most frequent point of attack is phishing, but they also exploit vulnerabilities within their targets to gain access and deploy the attack. Their attacks mainly focus on countries in Western Europe, North America, and Asia, and have taken down major companies such as Royal Mail in the United Kingdom.


BlackCat/AlphV

BlackCat/AlphV is a newer ransomware gang that is suspected to be the successor of past dissolved ransomware operators, according to a member of LockBit.

AlphV writes its ransomware in the programming language Rust to evade detection while encrypting their victims’ files, so that attacks succeed and go unnoticed. They have targeted organisations such as Western Digital and Sun Pharmaceuticals.


CLOP

CLOP Ransomware has extorted more than $500 million from various companies worldwide since it emerged in 2019, including two prominent United States universities and multiple large energy companies.

CLOP encrypts and exfiltrates data, appending the .clop file extension to the affected files. With this, they can deny access and even leak portions of the data to prove they have it, before pressuring organisations to pay up or lose even more in the process.
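
Because the .clop extension is appended to every affected file, a sudden burst of such renames on one host is something defenders can alert on. The following is an added example, not part of the original article: the event format, host names, threshold and time window are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample rename events: "<ISO time> <host> <old path> -> <new path>"
SAMPLE_EVENTS = """\
2023-06-01T02:14:01 fs01 /share/hr/payroll.xlsx -> /share/hr/payroll.xlsx.clop
2023-06-01T02:14:02 fs01 /share/hr/staff list.docx -> /share/hr/staff list.docx.clop
2023-06-01T02:14:03 fs02 /data/q1.csv -> /data/q1.csv.clop
2023-06-01T02:14:04 fs01 /share/fin/budget.pdf -> /share/fin/budget.pdf.CLOP
2023-06-01T02:19:03 fs02 /data/q2.csv -> /data/q2.csv.clop
2023-06-01T02:24:03 fs02 /data/q3.csv -> /data/q3.csv.clop
2023-06-01T09:00:00 ws07 /home/amy/notes.txt -> /home/amy/notes-final.txt
2023-06-01T09:00:05 ws07 /home/amy/test.bin -> /home/amy/test.bin.clop
"""

def parse_event(line):
    """Split one event line into (timestamp, host, old path, new path)."""
    ts, host, paths = line.split(" ", 2)
    old, new = paths.split(" -> ", 1)
    return datetime.fromisoformat(ts), host, old, new

def detect_rename_bursts(lines, ext=".clop", threshold=3,
                         window=timedelta(seconds=60)):
    """Return {host: time of alert} for hosts where at least `threshold`
    files had `ext` appended within `window`. Events must be in time order."""
    recent = defaultdict(deque)   # host -> timestamps of matching renames
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, host, old, new = parse_event(line)
        # Count only renames that append the extension to the existing name.
        if new.lower() != (old + ext).lower():
            continue
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:      # drop renames older than the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts

if __name__ == "__main__":
    for host, when in detect_rename_bursts(SAMPLE_EVENTS.splitlines()).items():
        print(f"ALERT {host}: burst of .clop renames by {when.isoformat()}")
```

In the sample, only fs01 alerts: fs02's renames are minutes apart and ws07 has a single one-off rename, so neither reaches the threshold inside the window.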


Royal

Royal ransomware has been used since 2022 to compromise organisations worldwide. Believed to have evolved from an older iteration known as ‘Zeon’, Royal ransomware attacks aim to exfiltrate data as fast as possible before deploying the ransomware and encrypting the systems.

Black Basta

Black Basta is a ransomware operator that utilises phishing and malicious attachments to deliver ransomware to their targets, before using a standard double extortion tactic to exploit their targets.

Because of their similar practices, Black Basta is believed to be a Russian gang that was formed from the defunct Conti group.

Mitigation and Prevention Strategies

Knowing how to mitigate and protect yourself from cyberattacks is vital to making sure that you’re not hit by one of the major ransomware gangs in the future.

Here are some steps that you can take to protect your organisation —

  • Create a thorough disaster recovery plan: A good disaster recovery plan can help your organisation get back on its feet after a catastrophic ransomware attack.
  • Backups are vital: Ransomware attackers aim to deny access to data to cripple your organisation into surrender. By backing up your most vital data, you can ensure that you can get back onto your feet fast.
  • Ensure high standards of security: Lots of cyberattacks occur due to a lapse in cybersecurity. By ensuring that your cybersecurity standards are high, your organisation won’t be vulnerable to easy attacks.
  • Don’t pay the ransom: Paying the ransom is never going to end well. By preparing your organisation and investing in data recovery, you can ensure that your organisation is prepared to come out of the other end strong.

How We Can Help

Ransomware attacks can be scary for any organisation, so educating yourself on the world of cyberattacks is vital to be prepared for anything that’s to come. By taking the correct steps to prepare yourself, you can easily ensure that your organisation is prepared for any attacks in the future.

If you’re looking for help with cybersecurity, our experts are here for you. We’ll be able to ensure that you’re prepared to take on any threat and stay protected, while also making sure that all the right precautions are in place to ensure good cybersecurity to avoid attacks.

Contact us now and see how we can help!