Ransomware-as-a-Service (RaaS) 2.0
Malware Protection
Definition
Subscription-based platforms offering AI-enhanced attack toolkits with profit-sharing models for cybercriminal affiliates.
Technical Details
Ransomware-as-a-Service (RaaS) 2.0 refers to an advanced model in which cybercriminals offer ransomware attack tools on a subscription basis. These platforms typically provide users with access to sophisticated malware, including features enhanced by artificial intelligence, which can automate tasks such as targeting vulnerabilities, data encryption, and evading detection. RaaS 2.0 incorporates a profit-sharing model in which the developers of the malware take a percentage of the ransom payments collected by their affiliates. This arrangement makes it simpler for less technically skilled criminals to deploy ransomware attacks without extensive programming knowledge.
Practical Usage
In practical terms, RaaS 2.0 is used by various cybercriminal groups to execute ransomware attacks against organizations and individuals. These platforms allow users to customize their attacks, select target industries, and manage negotiations with victims, often through user-friendly interfaces. In real-world use, affiliates purchase or subscribe to these services through online forums and darknet marketplaces. The ease of deployment enables a wider range of attackers to engage in ransomware activities, increasing the overall incidence of ransomware attacks.
Examples
- The REvil ransomware group operated a RaaS platform that allowed affiliates to launch ransomware attacks and share profits with the developers.
- The DarkSide ransomware strain provided a subscription service where affiliates could access the malware and support services for executing attacks on corporate networks.
- The LockBit group has been known for its RaaS model, enabling users to launch attacks against various sectors while offering a dashboard for tracking progress and payments.