**5. Ransomware groups**

This section highlights some of the high-profile threat actors that have revolutionized ransomware campaigns.

Conti, also known as Wizard Spider, is a Russia-based cybercriminal group that has been operational since 2016 [13]. The group is known for operating the Ryuk and Conti ransomware variants and resorts to big game hunting (BGH). Conti used the Ryuk ransomware variant from September 2018 but switched to Conti in 2020 [14].

Carbon Spider, also known as FIN7, is another Russia-based cybercriminal group that has operated since 2013. The group pivoted to ransomware and big game hunting in 2020 and marketed its own RaaS program, dubbed "DarkSide" [15]. In May 2021, the Colonial Pipeline ransomware attack, which the FBI attributed to the DarkSide group, made headlines across the globe [16].

Pinchy Spider is a sophisticated cybercriminal group, operational since 2018, that is known to be the operator of the REvil RaaS program [17]. Pinchy Spider is associated with some of the most high-profile ransomware attacks in history.

The LockBit group is a sophisticated cybercriminal group that has been operational since 2019. The group is known to consistently develop new tactics and techniques to stay ahead of other ransomware groups [12]. In 2021, a new variant known as LockBit 2.0 was released that followed the RaaS model, and LockBit 2.0 operators allegedly only work with experienced penetration testers [18].


### *Malware - Detection and Defense*

