As the pandemic gave way to bigger attack surfaces, threat actors started upgrading their operations. This gave rise to the Ransomware-as-a-Service (RaaS) model as affiliates enable ransomware gangs to attack more targets with minimal effort. 

Why RaaS?

  • With RaaS, threat actors with limited skills can benefit from the ransomware economy.
  • The rise in popularity of the RaaS model indicates that attackers can perform remote, highly targeted attacks. This has the potential to impact national security and the security of critical infrastructure as well.
  • In addition to the above, the RaaS model is not just a cost-effective strategy, but also provides an extra layer of security to threat actors.

RaaS wants negotiators

With RaaS evolving into a corporate structure, gangs are looking for negotiators. The role of negotiators is to extort victims into paying the ransom. This has become a trend in the ransomware ecosystem as threat actors expert at the art of negotiation emerge. Apart from negotiating, they manage the pressuring aspect by making calls, conducting DDoS attacks, and threatening to leak sensitive information. 

Some infamous RaaS gangs

  • AvosLocker is a RaaS that surfaced first in June and has been observed looking to recruit new affiliates. 
  • LockBit 2.0 RaaS has been operating for three years and has conducted multiple high-profile attacks. The gang’s leak site contains the names of 52 victims from the U.S., the U.K, Austria, Romania, Brazil, and Switzerland, among others.

In essence

Ransomware capabilities are quite influenced by the competition in the market, which also drives the propagation of the malware and incentives offered by RaaS actors. Organizations should, thus, implement security in layers to stay safe from such threats.

Cyware Publisher