4 most dangerous emerging ransomware threat groups to watch

Credit: ID 72775991 © Ducdao Dreamstime.com

New research from Palo Alto Networks’ Unit 42 has identified four emerging ransomware groups that have the potential to become bigger problems in the future. These are AvosLocker, Hive Ransomware, HelloKitty, and LockBit 2.0.

Emerging ransomware threat groups

“With major ransomware groups such as REvil and Darkside lying low or rebranding to evade law enforcement heat and media attention, new groups will emerge to replace the ones that are no longer actively targeting victims,” stated the security firm’s latest report Ransomware Groups to Watch: Emerging Threats. Within the research, Doel Santos, threat intelligence analyst, and Ruchna Nigam, principal threat researcher, detailed behaviors of the four ransomware groups.


First observed in July 2021, AvosLocker operates within the ransomware-as-a-service (RaaS) model and is controlled by avos, which advertises its services on dark web discussion forum Dread. Its ransom note includes information and an ID used to identify victims, instructing those infected to visit the AvosLocker Tor site for recovery and data restoration. According to the research, ransom requests have been between US$50,000 and US$75,000 in Monero, with infections identified at seven organisations around the globe.

Hive Ransomware