The 10 most notorious cyber crime gangs in the world

The 10 Most Notorious Cyber Crime Gangs in 2025

Over the past 24 months, some familiar names have maintained their grip on the cyber underworld, while new and emerging gangs have unleashed devastating attacks on businesses globally—particularly small and medium-sized enterprises (SMEs). 

Here’s an updated list of the most dangerous cyber crime gangs that business owners need to be aware of in 2025. 

#10: Akira (NEW) 

Akira has swiftly emerged as a significant cyber threat, focusing on SMEs that operate outdated or unpatched systems. This group exploits these vulnerabilities to encrypt critical data and demand substantial ransoms. 

• Biggest Known Attack: In 2023, Akira launched ransomware attacks on over 250 organisations worldwide, extorting approximately $42 million in ransom payments. (Source: The Record) 

• Strategy: Data encryption with a double extortion model, where stolen data is threatened with public release if the ransom is not paid. 

#9: Vice Society (NEW) 

Vice Society has ramped up its ransomware campaigns, specifically targeting education providers, local government services, and SMEs affiliated with these industries. 

• Biggest Known Attack: Between 2022 and 2023, Vice Society attacked numerous schools across the UK and the US, including the Los Angeles Unified School District, severely disrupting operations for thousands of students.  

• Strategy: Targeted ransomware attacks followed by data leaks to pressure victims into paying ransoms. 

#8: REvil (up from #9) 

REvil remains active but has faced multiple disruptions from international law enforcement. Despite this, the group has resurfaced in smaller-scale attacks. 

• Biggest Known Attack: The infamous 2021 Kaseya VSA ransomware attack impacted over 1,500 businesses globally, with cyber criminals demanding a $70 million ransom. 

• Strategy: Operates on a Ransomware-as-a-Service (RaaS) model, allowing affiliates to deploy ransomware in exchange for a share of the ransom proceeds. 

#7: cl0p (stays at #7) 

cl0p has escalated its focus on supply chain attacks, affecting both SMEs and large enterprises. 

• Biggest Known Attack: The 2023 MOVEit Transfer data breach affected over 2000 organisations and more than 60 million individuals, making it one of the largest ransomware attacks in history.  

• Strategy: Exploiting zero-day vulnerabilities with double extortion methods, often stealing sensitive data before encryption. 

#6: Black Basta (NEW) 

Black Basta has quickly become a formidable force in the ransomware landscape, frequently targeting SMEs across multiple industries. 

• Biggest Known Attack: In 2023, Black Basta was involved in several high-profile attacks, including those against government facilities and critical infrastructure.  

• Strategy: Advanced ransomware deployment techniques and data exfiltration for maximum leverage. 

#5: Evil Corp (Down from #4) 

Increased sanctions and law enforcement pressure have made it harder for Evil Corp to carry out large-scale attacks, though the group remains a significant threat. 

• Biggest Known Attack: Evil Corp has been linked to financial fraud exceeding $100 million, with its Dridex malware used to steal funds from banks in over 40 countries. 

• Strategy: Multi-pronged attacks, including ransomware and banking trojans that drain financial accounts. 

#4: BlackCat (ALPHV) (NEW) 

BlackCat is one of the most sophisticated ransomware gangs, using advanced encryption techniques and strategic cyber attacks to cripple businesses. 

• Biggest Known Attack: In early 2024, BlackCat targeted UnitedHealth Group’s tech unit, Change Healthcare, compromising personal data belonging to nearly 190 million individuals. (Source: Reuters) 

• Strategy: Double extortion and leveraging advanced ransomware to encrypt and steal critical data. 

#3: Royal (NEW) 

Royal ransomware operates with extreme aggression, launching highly sophisticated attacks on healthcare and manufacturing SMEs. 

• Biggest Known Attack: In 2023, Royal ransomware became one of the most significant threats to critical infrastructure, particularly in the healthcare and public health sectors.  

• Strategy: High ransom demands, targeted attacks, and double extortion tactics. 

#2: LockBit (Up from #3) 

LockBit remains one of the most dominant ransomware gangs, targeting SMEs globally. Despite ongoing law enforcement efforts, its operations continue to evolve. 

• Biggest Known Attack: In June 2024, LockBit orchestrated a massive data breach of Evolve Bank & Trust, affecting numerous financial technology companies. 
• Strategy: Ransomware-as-a-Service (RaaS) with continuous adaptations to bypass security measures. 

#1: FIN7 (Maintains #1) 

FIN7 continues to operate with military-like efficiency, adapting its cyber tactics to steal credentials, deploy ransomware, and monetise stolen data. 

• Biggest Known Attack: FIN7 has been involved in several large-scale credential theft and financial fraud schemes, targeting businesses across multiple industries. 

• Strategy: Credential theft, advanced ransomware deployment, and illicit data monetisation. 

Key Changes in 2025 

✅ New Entrants: Akira, Vice Society, Black Basta, Royal, and BlackCat (ALPHV).  

✅ LockBit moves up to #2 due to its persistent dominance.  

✅ Evil Corp dropped slightly due to increased law enforcement pressure.  

❌ Conti, DarkSide, Lapsus$, and SideCopy have either disbanded or been absorbed by other groups. 

Cyber crime is evolving at an alarming rate, with SMEs increasingly in the crosshairs of these sophisticated gangs. Their attack methods include ransomware, phishing, and extortion, exploiting businesses with weaker security postures. 

Keen to learn more about protecting your business?

// Need more help?

Contact our team today.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.