Ryuk was the Russian-speaking operation that proved you could ransom a Fortune 500 company for tens of millions of dollars and get away with it. It is also the operation whose people went on to run Conti — and, by extension, half the modern ransomware ecosystem.
Cl0p turned ransomware into a zero-day data-extortion business. Three sweeping campaigns against file-transfer software — Accellion, GoAnywhere, and MOVEit — produced thousands of victims and billions in damages, with little encryption and a lot of stolen data.
BlackCat — also known as ALPHV — was the first major ransomware written in Rust, the operation that filed an SEC complaint against its own victim, and the brand that walked away with $22 million from Change Healthcare and stiffed its own affiliate. A short, eventful career.
REvil — a.k.a. Sodinokibi — was the swaggering, big-game hunting RaaS responsible for some of the highest-profile attacks in ransomware history, including the Kaseya supply-chain incident. Then it vanished, briefly came back, and got cleaned up by the FSB.
Conti was the most corporate ransomware operation of its era — payroll, HR, R&D, the works — until an internal leak in 2022 exposed the entire enterprise and its political alignment. Here is how it grew, how it operated, and how it collapsed into a network of successor brands.
LockBit was the most prolific ransomware operation in history, running an industrialised RaaS program with the world’s fastest encryptor — until Operation Cronos shredded its infrastructure in early 2024.
Ransomware-as-a-Service turned ransomware from a craft into a franchise. Core developers write the malware, affiliates run the intrusions, and revenue is split. Here is how RaaS works, who plays which role, and why it has been so hard to disrupt.
Not all ransomware is alike. Crypto-ransomware, lockers, scareware, leakware, doxware, wipers — each works differently and demands a different defensive response. A practical taxonomy.
Modern ransomware attacks are not single events; they are weeks-long intrusions that end in encryption. Here is the full lifecycle, from initial access to extortion, and what defenders can do at each stage.
Ransomware did not start with Bitcoin. It started in 1989, on floppy disks mailed to AIDS researchers, and spent thirty years evolving into the multibillion-dollar criminal industry we know today.