News & Insights

The rise of Ransomware-as-a-Service (RaaS)

4 February 2022Consultancy, Cyber Awareness
Ransomware-as-a-Service (RaaS)

According to the latest Threat Report from Sophos, 2022 is set to be the year of Ransomware-as-a-Service (RaaS). Whilst Ransomware is not a new form of attack, Sophos describe in their report how it is growing and becoming a key method of attack.

This method is one of the most damaging and costly attack methods affecting businesses across the world.

To give you some perspective, in 2020-2021 79% of the attacks the Sophos Rapid Response team responded to were Ransomware attacks.

The Sophos rapid response team have described a growth in ransomware as well as a contemporary model which is likely to persist and expand over the coming years.

Historically, threat actors have created bespoke ransomware to target specific organisations. What Sophos are now seeing, is that there are two groups involved in these attacks. The first group is a specialist in creating bespoke ransomware, the second group specialise in accessing the organisation to attack.

This RaaS model allows bespoke ransomware being made available to threat actors on a subscription type model.

During 2020-2021 Sophos encountered atleast 43 Ransomware ‘Families’. The biggest being Conti (16%), REvil (15%), Ryuk (9%), Ragnarok/LockBit (4%), Maze/Darkside/Black Kingdom (3%)

Luckily, the report further details that in 2021, an affiliate of the Conti RaaS service, released a treasure trove of information, designed to instruct affiliates on the steps required to implement ransomware attacks.

This information has benefitted companies such as Sophos as it has enabled them to analyse the contents to further define behavioural analysis and detection rules creating a stronger platform to protect your business.

If you’re concerned about any malicious activity within your organisation or would like to discuss how you can enhance your protection against Cyber Threats, get in touch with the team today: