This document summarizes several notorious malware strains and cybercriminal groups that were active in 2021: - LemonDuck is a cryptomining and credential-stealing malware that can infect both Windows and Linux systems. It removes competing malware and security protocols from infected devices. - REvil conducted the high-profile ransomware attack on Kaseya in July 2021 that impacted many American companies. It offers ransomware-as-a-service and uses affiliate networks to conduct attacks. - Trickbot and Dridex are longstanding banking trojans that are frequently used to deploy ransomware by moving laterally through networks and harvesting credentials. - Conti is a prolific ransomware group behind