An overview of ransomware Gangs in 2023

Ransomware attacks have been on the rise over the past few years, as gangs from all over the world emerge from the shadows. These gangs are serial hackers, who have attacked lots of different organisations around the globe.

For any business, this is obviously terrifying. After all, nobody wants to go up against a hacker, let alone a team of them. That’s why educating yourself on the ransomware gangs of today and why they might commit the attacks is vital.

In this article, we’re going to go over ransomware gangs and tell you about some of the most notorious gangs of 2023. We’ll also take a look at some strategies you can use to prevent and mitigate an attack.

Ransomware Gangs: Motivations and Trends

A ransomware gang is simply a collective of criminals who coordinate and commit ransomware attacks on multiple organisations worldwide. While ransomware is the new weapon for these gangs, this type of cybercrime has been around for a long time – using distributed denial-of-service (DDoS) to disrupt normal traffic, for example.

While it can be said that gangs have slightly different motives, there are a few key motivations and trends that can be attributed to some, if not all, the major gangs of 2023:

  • Financial Gains: As with any form of extortion, the primary motivation behind most ransomware attacks is profit. Ransomware attacks primarily aim to extort money from individuals and businesses, so any gang using these attacks is very clearly after some kind of financial gain.
  • Ease of Use: Unlike other, more advanced forms of cybercrime, ransomware attacks can be bought as a kit from underground markets. This means that less technically skilled individuals can get their hands on ransomware tech with much more ease than other methods of attack.
  • Powerful Monetisation: While a ransom by itself is already a powerful form of extortion, using double extortion methods (where attackers aim for a ransom as well as to extract data to sell later) is a powerful method of monetisation and can result in a bigger payout than other financially minded attacks.
  • Evolving Technologies: Ransomware attackers are constantly increasing their technological capabilities – and gangs sometimes collaborate to speed up the process. This means that it’s hard to keep up with evolving attacks, as gangs use much newer and relatively unknown technologies.
  • Politics: Some gangs are affiliated to political or governmental figures, which means that some of these cyberattacks are acts of cyberwarfare that are disguised as civilian-level attacks. Due to the black-market nature of these attacks, it’s hard to prove that there is an affiliation between a government and the hackers who commit the attack, which makes it a relatively risk-free way to set back political enemies.

Notorious Ransomware Gangs of 2023

LockBit 3.0

Probably one of the most infamous groups out there when it comes to ransomware, LockBit 3.0 is a group of ransomware attackers that also sell attacks as a ransomware-as-a-service (RaaS) package – and is the largest perpetrator worldwide; their attacks accounted for 39% of all ransomware attacks between October 2022 and May 2023.

Its most frequent point of attack is through phishing, but the gang also exploits vulnerabilities of target organisations to gain access and deploy the attack. Attacks mainly focus on countries in Western Europe, North America, and Asia, and have taken down major companies, such as Royal Mail in the United Kingdom.


BlackCat/AlphV is a newer ransomware gang that is suspected to be the successor of past dissolved ransomware operators, according to a member of LockBit.

AlphV use the programming language Rust to evade detection and encrypt victims’ files to ensure success, and to make sure attacks go unnoticed. The gang has targeted organisations such as Western Digital and Sun Pharmaceuticals.


CLOP Ransomware has extorted more than $500 million from various companies worldwide since it emerged in 2019, including two prominent United States universities and multiple large energy companies.

CLOP aims to encrypt and extract data by appending the .clop file extension to the files affected. With this, it can deny access and even leak portions of the data to prove it has access, before inciting organisations to pay up or lose even more in the process.


Royal ransomware has been used since 2022 to compromise organisations worldwide. Believed to have evolved from an older iteration known as ‘Zeon’, Royal ransomware attacks aim to exfiltrate data as fast as possible before deploying the ransomware and encrypting the systems.

Black Basta

Black Basta is a ransomware operator that utilises phishing and malicious attachments to deliver ransomware to targets, before using a standard double extortion tactic to exploit them.

Black Basta is believed to be a Russian gang formed from the defunct Conti group, which carried out similar attacks.

Mitigation and Prevention Strategies

Knowing how to mitigate and protect yourself from cyberattacks is vital to making sure that you’re not hit by one of the major ransomware gangs in the future.

Here are some steps that you can take to protect your organisation:

  • Create a thorough disaster recovery plan: A good disaster recovery plan can help your organisation get back on its feet after a catastrophic ransomware attack.
  • Backups are vital: Ransomware attackers aim to deny access to data to cripple your organisation into surrender. By backing up your most vital data, you can be assured you can get back onto your feet fast.
  • Ensure high standards of security: Lots of cyberattacks occur due to a lapse in cybersecurity. By ensuring that your cybersecurity standards are high, your organisation won’t be vulnerable to easy attacks.
  • Don’t pay the ransom: Paying the ransom is never going to end well. By preparing your organisation and investing in data recovery, you can ensure that your organisation is prepared to come out of the other end strong.

How ExTech Cloud Can Help

Ransomware attacks can be scary for any organisation, so educating yourself on the world of cyberattacks is vital to be prepared for every eventuality. By taking the correct steps to prepare yourself, you can easily ensure that your organisation is prepared for any possible attacks in the future.

If you’re looking for solid cybersecurity, our experts are here for you. We’ll be able to ensure that you’re prepared to take on any threat and stay protected, while also making sure that all the right precautions are in place.

Get in touch with us now and see how we can help!

Back to News & Resources

Related news

    Book a free online consultation

    We love talking to businesses and understanding what they do and what they need. If you'd like to book a short, no obligation consultation, please provide us with your details. We understand that you may already have an IT company, consultant or team, so all contacts are treated as completely confidential. A fresh new IT approach could begin here...

    DD slash MM slash YYYY


    Get answers to common questions here.

    News & Resources

    Get latest updates, downloads and white papers.