Ransomware As A Service. What is it?

Ransomware as a Service(Raas)

The phrase “ransomware as a service” (RaaS) describes the practice of using ransomware as a tactic or business model. Ransomware services are sold to customers by organizations like Conti through servers.

In order to infect the systems of target organizations at the affiliate or buyer’s request, ransomware developers construct distinctive ransomware codes, which are subsequently used by ransomware operators. Like any other business, this service may be paid for by a one-time fee or by the proceeds generated by the ransomware code. However, many of the business models employed by cybercrime organizations are subscription-based, with perks like forum inclusion, round-the-clock help, and bundling. To learn more about securing your organization’s infrastructure, see Expert Tips on Improving Organizational Cyber Defense.

Of course, Conti is not the only cybercrime gang to carry out this operation; DarkSide and REvil are two other well-known Ransomware as a Service organizations. DarkSide claims to no longer exist, but in reality, they did so after a 2021 attack that shut down the Colonial Pipeline for six days, causing indignation among the people and DarkSide to declare their dissolution. The organization is alleged to have received more than $90 million in just nine months and to have stolen and leaked more than 2TB of data.

Another Russian-based vendor of RaaS was REvil. Since they started operating in April 2019, when another RaaS organization known as GrandCrab stopped its activities, it is anticipated that they have received more than $200 million. As stated by IBM, REvil was responsible for 37% of ransomware attacks in 2021, with ransomware being the number one type of cyberattack in that year. Russian security agency MOSCOW claimed that they had shut down REvil after a sweep was carried out across five Russian regions, according to the New York Times.

Although ransomware assaults can have a similar character, gangs are usually picky about the targets they choose. For instance, HIVE has a history of targeting healthcare facilities, whereas DarkSide has refrained from assaulting hospitals, non-profits, and educational institutions. This just serves to demonstrate that everyone has the potential to become a target.