A recent Microsoft report lays out how the proliferation of ransomware as a service (RaaS) is fast becoming a dominant business model, enabling most anyone, regardless of their technical expertise, to deploy ransomware. Exceprts:
RaaS (Ransomware as a Service) lowers the barrier to entry and obfuscates the identity of the attackers behind the ransoming. Some programs have 50+ “affiliates,” as they refer to the users of their service, with varying tools, tradecraft, and objectives. RaaS kits are easy to find on the dark web and are advertised in the same way goods are advertised across the internet.
A RaaS kit may include customer service support, bundled offers, user reviews, forums and other features. Cybercriminals can pay a set price for a RaaS kit while other groups selling RaaS under the affiliate model take a percentage of the profits.
..attacks follow a template of initial access via malware infection or exploitation of a vulnerability then credential theft to elevate privileges and move laterally. Industrialization allows prolific and impactful ransomware attacks to be performed by attackers without sophistication or advanced skills.