Today, Microsoft is excited to publish our second edition ofCyber Signals, spotlighting security trends and insights gathered from Microsoft’s 43 trillion security signals and 8,500 security experts. In this edition, we pull back the curtain on the evolving cybercrime economy and the rise of Ransomware-as-a-service (RaaS). Instead of relying on what cybercriminals say about themselves through extortion attempts, forum posts, or chat leaks, Microsoft threat intelligence gives us visibility into threat actors’ actions.
RaaS is often an arrangement between an operator, who develops and maintains the malware and attack infrastructure necessary to power extortion operations, and “affiliates” who sign on to deploy the ransomware payload against targets. Affiliates purchase initial access from brokers or hit lists of vulnerable organizations, such as those with exposed credentials or already having malware footholds on their networks. Cybercriminals then use these footholds as a launchpad to deploy a ransomware payload against targets.