Over the past 24 months, some familiar names have maintained their grip on the cyber underworld, while new and emerging gangs have unleashed devastating attacks on businesses globally—particularly small and medium-sized enterprises (SMEs).
Here’s an updated list of the most dangerous cyber crime gangs that business owners need to be aware of in 2025.
#10: Akira (NEW)
Akira has swiftly emerged as a significant cyber threat, focusing on SMEs that operate outdated or unpatched systems. This group exploits these vulnerabilities to encrypt critical data and demand substantial ransoms.
Strategy: Data encryption with a double extortion model, where stolen data is threatened with public release if the ransom is not paid.
#9: Vice Society (NEW)
Vice Society has ramped up its ransomware campaigns, specifically targeting education providers, local government services, and SMEs affiliated with these industries.
Strategy: Targeted ransomware attacks followed by data leaks to pressure victims into paying ransoms.
#8: REvil (up from #9)
REvil remains active but has faced multiple disruptions from international law enforcement. Despite this, the group has resurfaced in smaller-scale attacks.
Biggest Known Attack: The infamous 2021 Kaseya VSA ransomware attack impacted over 1,500 businesses globally, with cyber criminals demanding a $70 million ransom.
Strategy: Operates on a Ransomware-as-a-Service (RaaS) model, allowing affiliates to deploy ransomware in exchange for a share of the ransom proceeds.
#7: cl0p (stays at #7)
cl0p has escalated its focus on supply chain attacks, affecting both SMEs and large enterprises.
Biggest Known Attack: The 2023 MOVEit Transfer data breach affected over 2000 organisations and more than 60 million individuals, making it one of the largest ransomware attacks in history.
Strategy: Exploiting zero-day vulnerabilities with double extortion methods, often stealing sensitive data before encryption.
#6: Black Basta (NEW)
Black Basta has quickly become a formidable force in the ransomware landscape, frequently targeting SMEs across multiple industries.
Strategy: Advanced ransomware deployment techniques and data exfiltration for maximum leverage.
#5: Evil Corp (Down from #4)
Increased sanctions and law enforcement pressure have made it harder for Evil Corp to carry out large-scale attacks, though the group remains a significant threat.
Strategy: Multi-pronged attacks, including ransomware and banking trojans that drain financial accounts.
#4: BlackCat (ALPHV) (NEW)
BlackCat is one of the most sophisticated ransomware gangs, using advanced encryption techniques and strategic cyber attacks to cripple businesses.
Biggest Known Attack: In early 2024, BlackCat targeted UnitedHealth Group’s tech unit, Change Healthcare, compromising personal data belonging to nearly 190 million individuals. (Source: Reuters)
Strategy: Double extortion and leveraging advanced ransomware to encrypt and steal critical data.
#3: Royal (NEW)
Royal ransomware operates with extreme aggression, launching highly sophisticated attacks on healthcare and manufacturing SMEs.
Strategy: High ransom demands, targeted attacks, and double extortion tactics.
#2: LockBit (Up from #3)
LockBit remains one of the most dominant ransomware gangs, targeting SMEs globally. Despite ongoing law enforcement efforts, its operations continue to evolve.
Strategy: Credential theft, advanced ransomware deployment, and illicit data monetisation.
Key Changes in 2025
✅New Entrants: Akira, Vice Society, Black Basta, Royal, and BlackCat (ALPHV).
✅LockBit moves up to #2 due to its persistent dominance.
✅Evil Corp dropped slightly due to increased law enforcement pressure.
❌Conti, DarkSide, Lapsus$, and SideCopy have either disbanded or been absorbed by other groups.
Cyber crime is evolving at an alarming rate, with SMEs increasingly in the crosshairs of these sophisticated gangs. Their attack methods include ransomware, phishing, and extortion, exploiting businesses with weaker security postures.
Keen to learn more about protecting your business?
The 10 Most Notorious Cyber Crime Gangs in 2025
Over the past 24 months, some familiar names have maintained their grip on the cyber underworld, while new and emerging gangs have unleashed devastating attacks on businesses globally—particularly small and medium-sized enterprises (SMEs).
Here’s an updated list of the most dangerous cyber crime gangs that business owners need to be aware of in 2025.
#10: Akira (NEW)
Akira has swiftly emerged as a significant cyber threat, focusing on SMEs that operate outdated or unpatched systems. This group exploits these vulnerabilities to encrypt critical data and demand substantial ransoms.
#9: Vice Society (NEW)
Vice Society has ramped up its ransomware campaigns, specifically targeting education providers, local government services, and SMEs affiliated with these industries.
#8: REvil (up from #9)
REvil remains active but has faced multiple disruptions from international law enforcement. Despite this, the group has resurfaced in smaller-scale attacks.
#7: cl0p (stays at #7)
cl0p has escalated its focus on supply chain attacks, affecting both SMEs and large enterprises.
#6: Black Basta (NEW)
Black Basta has quickly become a formidable force in the ransomware landscape, frequently targeting SMEs across multiple industries.
#5: Evil Corp (Down from #4)
Increased sanctions and law enforcement pressure have made it harder for Evil Corp to carry out large-scale attacks, though the group remains a significant threat.
#4: BlackCat (ALPHV) (NEW)
BlackCat is one of the most sophisticated ransomware gangs, using advanced encryption techniques and strategic cyber attacks to cripple businesses.
#3: Royal (NEW)
Royal ransomware operates with extreme aggression, launching highly sophisticated attacks on healthcare and manufacturing SMEs.
#2: LockBit (Up from #3)
LockBit remains one of the most dominant ransomware gangs, targeting SMEs globally. Despite ongoing law enforcement efforts, its operations continue to evolve.
#1: FIN7 (Maintains #1)
FIN7 continues to operate with military-like efficiency, adapting its cyber tactics to steal credentials, deploy ransomware, and monetise stolen data.
Key Changes in 2025
✅ New Entrants: Akira, Vice Society, Black Basta, Royal, and BlackCat (ALPHV).
✅ LockBit moves up to #2 due to its persistent dominance.
✅ Evil Corp dropped slightly due to increased law enforcement pressure.
❌ Conti, DarkSide, Lapsus$, and SideCopy have either disbanded or been absorbed by other groups.
Cyber crime is evolving at an alarming rate, with SMEs increasingly in the crosshairs of these sophisticated gangs. Their attack methods include ransomware, phishing, and extortion, exploiting businesses with weaker security postures.
Keen to learn more about protecting your business?
// Need more help?
Contact our team today.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Recent Posts
Categories