5 of the Biggest Ransomware Groups, and How They Target Local Businesses


As a business owner, I’m sure you are well aware of the constant cybersecurity threats we face in the digital age.


It seems every other day we see headlines about large firms being targeted by Ransomware.


As a local IT provider, it’s our mission to protect our clients from these types of attacks, but we also value our duty to care for the broader business community as a whole.


Awareness of cyber threats can help you make the right decisions about technology solutions and what is worth investing in.


In this article, we’ll cover five of the most dangerous ransomware groups, what they look for in their targets, and steps you can take to better protect yourself from these threats.

Maze aka ChaCha

Maze ransomware was first found in 2019 and is estimated to be the main culprit in over 1/3rd of all ransomware attacks.

Most notably, the Maze group made headlines when they demanded millions of dollars from a state bank in Latin America.

When Maze ransomware was first discovered, it was most commonly distributed through attachments in emails sent from seemingly legitimate sources. More recent attacks have began using new methods to drop the ransomware payload. For instance, many Maze ransomware attacks have used stolen or guessed username and password combinations to infiltrate a network. Training employees on cybersecurity awareness and implementing authentication systems like MFA are vital tools to protecting your business from these types of ransomware attacks.

Conti Ransomware

Conti first appeared in 2020, and is estimated to account for about 13% of all ransomware attacks.

Once Conti Ransomware is successfully deployed, it immediately begins a series of actions designed to mitigate the victims ability to protect themselves, including deleting volume shadow copies (an automated backup / snapshot system on Windows devices), as well as disabling monitoring softwares and defense applications.

The strange thing about Conti is that when they hold the company for ransom, they will also offer security advice on how to plug the holes from future breaches – almost like they have a guilty conscious, or try to justify their otherwise criminal actions.

According to NHS digital, the only guaranteed way to recover from a Conti Ransomware attack is to restore all affected files from the most recent backup.

REvil Ransomware

REvil Ransomware is a Russian-based Ransomware-as-a-service (RaaS) operation, estimated to account for about 11% of all attacks.

Most notably, in 2022, REvil claimed to have stolen plans for upcoming Apple products, threatening to release the plans publicly unless their ransom was paid.

In 2022, the Russian Federal Security Service claimed to have dismantled the group and charged several of its members, but attacks using REvil ransomware have still been seen in 2023.

Netwalker Ransomware

The group behind this Ransomware have made over $25million by targeting a large volume of business users.

A Windows-specific ransomware designed to encrypt and exfiltrate all the data it breaches, after a successful attack, victims are presented with a ransomware note, demanding bitcoin payment in exchange for the full decryption of their compromised data.
Police managed to seize and arrest a Canadian national on the grounds of extorting over $27 million.

Once again, the most reliable way of recovering from a Netwalker ransomware attack is to restore your compromised files from a recent backup.

DoppelPaymer Ransomware

This group frequently targets healthcare, emergency services, and education services. The group made headlines by targeting Delaware County and receiving over $500,000.

As of March, a coordinated effort involving Europol, the FBI and the Dutch Police, led to the arrest of two individuals who allegedly play a major role in the development of the ransomware, but time will tell how long it takes before DoppelPaymer is no longer a threat.

What do all of these groups have in common? They lock and encrypt files on business networks.

How You Can Stay Protected

If you are worried about Ransomware and the potential risk, there are a few things you can do to reduce the risk.

To start, regularly performing software updates and patching of all your business devices is essential, as these patches routinely catch and fix discovered vulnerabilities. We have software that can help manage patching on your network.

Other risk mitigation includes regularly checking your backup solution and testing to make sure it is 100% restorable. There’s nothing worse than receiving a phone call from someone hit by Ransomware that does not have a working backup of their data.

If you would like assistance or advice in how you can reduce your businesses risk of being targeted by Ransomware, get in touch with us today.

Get in touch with us

Secutor Cybersecurity is a trusted partner comprised of industry leading experts in the fields of Cybersecurity and Governance, Risk and Compliance. We partner with our clients to deliver on-demand solutions tailored to expertly navigate the regulatory demands of their specific industries.

Our proven track record of successfully exceeding client expectations is achieved through the combination of our methodical approach, advanced technologies, subject matter experts, and synergy with client team members.

Secutor is your team of world-class problem solvers with vast expertise and experience delivering complete solutions keeping your organization protected, audit-ready, and running smoothly.

Scroll to Top

Secutor Insider Direct

Discover a new era in cybersecurity purchasing. No markups, no hidden fees. Just the right tools at the right price, tailored to your needs, with expert advice from our seasoned cybersecurity professionals.

Ready to Find Your Solution?

Use the form to schedule a consultation, and we’ll reach out within 48 hours to confirm the appointment.

Considering this delay, please only select meeting dates 48 hours or more in advance. Your information will only be used to facilitate a meeting.