New ransomware gangs 2024
By |Published On: June 24th, 2024|8 min read|Categories: Ransomware|

2023 was a year that saw ransomware continuously break records, and while the usual  suspects LockBit and BlackCat represented 38% of all reported attacks, we also saw around 29 new ransomware gangs begin operations last year.

Notable newcomers in 2023 included Akira, who were responsible for over 50 attacks and Rhysida who made headlines with attacks on organizations including the British Library and Prospect Medical.

We all know of the notorious groups that have been around for a number of years who, of course, are still making headlines with their notable attacks, but it is also important to watch those new groups who are emerging and starting to make waves in the ransomware landscape.

This year, we’ve decided to track new ransomware gangs and their victims and will keep you updated as and when we discover them.




Victims claimed: YKP, Headwater Companies, Al Shefa Farm, Headwater Companies, Benthanh Group, Shooting House, SP Mundi, Merchant ID, Hozzify, SIEA, DVT Technology Ltd, Rekamy, Scadea Solutions, Computan, Kovra, SBM and Co, McKim & Creed, PGESCo, La Pashina, Woodsboro ISD, Avant IT, Agencia Host, Better Accounting Solutions, Carrozzeria Aretusa, UnitedHealth Group, Florio Pharmacy Napoli, Skyway Coach Lines, Baca County, Robeson County Sheriff’s Office, Grupo Cuevas, Empresa De Energia Del Bajo Putumayo, Mercatino, FabricaInfo, CYNC Solutions, Harman Realtors, Europeanprof, R H Bluestein, Design Intoto, Jute Trading, Precision Time Systems, Polaris, Extra, Universidad Nacional Autonoma de Mexico, Islamic Emirat of Afghanistan National Environmental Protection Agency, NRS Healthcare, Thaayakam, Kamo Jou Trading, Administacao do Porto de Sao Francisco do Sul, Eucatex USA, LPDB KUMKM Kementerian Koperasi, Confins Transportes, Neodesha Housing Authority, Rocky Mountain Sales, Chuoss, East Shore Sound, Okaunt, American Clinical Solutions, Matadero de Gijon, Peek Traffic, Houston Waste Solutions, Brittany Horne, ThrottleUp, ISETA ECA Group, Christies, SIAED SpA, PSG Banatski Dvor, Bjurholm, Frontier Communications, Crezit Group, U GRO Capital, Novabit Srl, Smic USA, Hospital Adventista de Manaus, Racal Acoustics Ltd, Parlorenzo, Domain at Cleveland, LIDER IT Consulting, GB RICAMBI SPA, Invisio Communications, Bitz Softwares, Multi-Wing International, Sicoob, Harris Ranch Beef Company, Cloud Europe, Danielle Group, Fusco, TV Equinocio Comunicaes Ltd, Midamea, Florida Health, NTT Data Romania SA, SF Medical, Hauptmann, Fine CO SRL, Daesang America Inc, SWCS Inc, aedifica, Baim Institute of Clinical Research, BFC Solutions, Erlebnisland Eurostrand GmbH, Lynch Aluminium, Netavent, Rite Aid, Zepter, Mellitah Oil & Gas/Enigas, Cameron Hodges, Bench International, Ceopag, HLB Puerto Rico LLC, Grupa PGD, The City of Newcastle, Metalfrio Solutions, Erma Group, Glow FM, Garudafood Putra Putri Jaya, Kumagai Gumi Co Ltd, Byzan Systems Pvt Ltd, SigmaControl


Victims claimed: Cogans Carrigaline, The Center for Molecular Medicine, AIVI Italian Association of Veterinary Hygienists


Victims claimed: Infiniti USA, Bazaarvoice, Department of Foreign Affairs Trade Ireland, Epic Games, DJI China, Kick, Shein


Victims claimed: Centre Hospitaliter , Metal 7, Hospitaltechnik Planungsgesellschaft, MCM Telecom, Badel, Luzan Health Consulting



Dark Vault

Reports and speculation are beginning to suggest that Dark Vault may be an rebranding attempt by LockBit.

Victims claimed: Hawk SCADA, HireBus, EZ Truck Solutions, Zane Benefits, Baheya Beauty, Tommy Club, THSP Risk Management, Qint, Bigtoe Pose, AtriLine, Sandip University, IKF Home Finance, Eskarabajo, Ale Educacao e Tecnologia, Nord Space, ZeepLive, Journo Travel Co, Oexpress, Decreditos, BuyEazzy, Panda Care, LifeVet Nova Friburgo, Sequel Logistics, Eurovilla Real Estate Agency


Victims claimed: NorthBay HealthCare, Mulford Construction, Firstmac, ORGA Soft, Shamrock Trading Corporation, DME Delivers, JLA Group, Grand Perrier Industrie, Diligent Delivery Systems


Victims claimed: Lincoln Graca Neto, Rosalvo, Willian Segallin, Andrea Rechia, Hominem Clinic, Escultural, Indigo ENT Group, Concisa Pavimentcao Terraplanagem

APT73 (Aka Erleig)

Victims claimed: Trifecta Technologies, Melting Mind, Credio, ServicePower, Brightway Consultants, AMI Global, AlphaNova, Apex Engineering Services, Borrer Executive Search, Gannon Solicitors, Brightway Consultants Ltd Chartered Surveyors


Victims claimed: O’Connell Mahon Architects, RSH Legal, Semilab, Information Integration Experts, Glenwood Management, Northeast Orthopaedics and Sports Medicine, College Park Industries, Allen Blasting and Coating, Erler & Kalinowski, S&F Concrete Contractors, The Blake Law Firm, United Equitable Group, Hospitals & Physicians Clinics, Promark Brands, The Sourcing Group

Space Bears

Victims claimed: Fire Fighting Systems, Filesenstudio, Thinkadam, CORTEX Chiropractic & Clinical Neuroscience, Surewerx USA, SM EMBALLAGE, Mr Bean, Mesopolys, Hytera America, InVogue Total Women’s Healthcare, Lee Trevino Dental, Seoyon Automotive do Brasil Ltd, Cuccuini, Sawa International UAE, BLADE, Heli Securite, ROTOR TEAM Helicopter Services, Un Museau Vaut Mille Mots, Haylem, Lexibar




This information has been collated from various online sources.

Last updated 07/24/2024 at 09:11 GMT

Share This Story, Choose Your Platform!

Related Posts

  • Crowdstrike Incident

The CrowdStrike Incident: A Global IT Meltdown

July 23rd, 2024|

Discover how the recent CrowdStrike incident caused a global IT meltdown, affecting thousands of businesses. Learn about the event timeline, its impact, and how BlackFog's advanced practices can help prevent such risks. Stay informed and protect your business from future cybersecurity threats.