60% ransomware attacks penetrated by RaaS groups in last 18 months: Sophos

Around 60% ransomware attacks were penetrated by the ransomware-as-a-service groups in the last 18 months, cybersecurity firm Sophos has said in its latest report

Another recent report by Gartner showed that the topmost concerns facing executives in the third quarter of 2021 were the threat of “New Ransomware Models”.   

Also read: Ransomware-as-a-service: What CISOs need to know

The ransomware-as-a-service has flourished as a business with some RaaS groups offering training, customer support and even refunds if the ransomware they offer to cybercriminals fails to work.  

Some of the ransomware families who have a customer support wing include Torrent Locker, Cerber and Cryptomix.   

The Sophos report said that some developers create their own attack playbooks and make the same available to their co-hackers, which are being imitated by other ransomware groups. 

Sophos compiled data for the report through analysing multiple ransomware attacks and malware samples from its threat research lab over the past 18 months.

“Sophos believes that in 2022 and beyond, the RaaS business model will continue to dominate the threat landscape for ransomware attacks as the model allows ransomware construction experts to continue improving their product,” the report stated.   

The cybersecrutiy company’s report showed that nearly four in five calls to the Sophos Rapid Response Service came as a result of a ransomeware attack, and the most prevalent among them were the group called as Conti.  

The next in line were the three Rs, i.e. Ryuk, REvil and Ragnarok. The trio together accounted for 28% of all attacks.  

The rest of the 56% were distributed among 39 small ransomware groups.