The most advanced RaaS operators provide portals that allow their subscribers to track the status of infections, payments, and encrypted files.
The global revenue from ransomware attacks was approximately $20 billion in 2020, highlighting the significant financial success of RaaS.
[3] Microsoft Threat Intelligence Centre (MSTIC) regards RaaS as different from previous forms of ransomware as it no longer has a tight link between tools, initial entry vector and payload choices.
Some of the main methods include: In a double extortion ransomware attack, the threat actors first encrypt the victim's data.
In addition to encrypting data and threatening to leak it, threat actors also launch DDoS attacks against the victim's website or infrastructure.
[6] In a "pure extortion" or "encryption-less ransomware" attack, the threat actors exfiltrate sensitive data but do not encrypt any files.
[6] Several well-known examples of RaaS kits include Hive, DarkSide, REvil (also known as Sodinokibi), Dharma, and LockBit.