Ransomware is one of the most prolific and economically damaging cybercrime threats of the contemporary era. This malicious software employs cryptoviral techniques to encrypt victims’ data or system, extorting payment in cryptocurrencies for the release of decryption keys. 

This exploratory study aims to enhance knowledge about ransomware criminal groups. The focus is on ransomware criminal groups that targeted organisations in Australia, Canada, New Zealand and the United Kingdom between 2020 and 2022. Ransomware groups have increased significantly in size and sophistication across this period. 

The paper examines the evolution and activities of ransomware criminal groups. These groups can emerge and shut down quickly, with individual cybercriminals moving between ransomware groups as the ecosystem adapts to various pressures and opportunities. Results reveal the most active ransomware criminal groups, the median range of their careers and the most targeted victim organisations by country and sector type.