Ransomware-as-a-Service (RaaS)

Think of Ransomware-as-a-Service (RaaS) as one part of the larger Malware-as-a-Service (MaaS) ecosystem. RaaS allows less experienced adversaries to carry out attacks.

While phishing is still used, drive-by downloads, VPN vulnerabilities, and distribution over botnets are more likely to be used.

For workstations (Windows, macOS, *nix), a ransomware infection means that data on the device has been encrypted or the operating system has been blocked, and the owner receives a message demanding a ransom. Mobile ransomware variants (Android, iOS) can also encrypt data, but most use other techniques.

While individuals, companies, and NGOs are all targets, a small number of user accounts that have additional access or privileges are especially valuable to adversaries when compromised. A ransomware attack can mean the loss of data, spending large sums of money, or both.

We do it for [insert reasons here]

RansomedVC published the data of nine victims on its leak site in August 2023. The group has adopted the ideology of many other ransomware actors, “We are doing it for pentesting”, and humorously adds that any vulnerabilities found must also be reported under Europe’s General Data Protection Regulation (GDPR), threatening victims with data breach fines if the ransom is not paid.