Skip to main content

Ransomware has a long history, dating back to the late 1980s. Today, it’s generating billions of dollars in revenue for the criminal groups behind it. Victims incur recovery costs even if they pay the ransom. Sophos reports that the average cost of a ransomware attack in 2020 was nearly $1.5 million for victim organizations that paid ransoms and about $732,000 for those that didn’t.

Given the financial benefit to attackers, it’s no surprise that ransomware gangs and malware have proliferated. The number of ransomware threat actors—those capable of developing and delivering code—is likely in the hundreds. That’s not including so-called “affiliates” who buy ransomware-as-a-service (RaaS) offerings from some of these threat actors.

Below is a list of key ransomware malware and groups, selected for inclusion based on their impact or innovative features. It isn’t, and isn’t intended to be, an exhaustive list. While some of these ransomware groups are no longer active, that’s no guarantee they won’t reappear bigger and badder someday, as is too often the case.


History: Cerber is an RaaS platform that first appeared in 2016, netting attackers $200,000 in July of that year.


All rights reserved Jenson Knight.