"RaaS Groups Forced to Change Tack as Payments Decline"

Security researchers at Coveware found that Ransomware-as-a-service (RaaS) operators are evolving their tactics yet again in response to more aggressive law enforcement efforts.  The researchers identified three characteristics of RaaS operations that used to be beneficial but are increasingly seen as a hindrance.  The first is RaaS branding, which has helped to cement the reputation of some groups and improve the chances of victims paying.  However, the researchers noted that branding also makes attribution easier and can draw the unwanted attention of law enforcement.  The researchers stated that RaaS groups are keeping a lower profile and vetting affiliates and their victims more thoroughly.  The second evolution in RaaS involves back-end infrastructure, which used to enable scale and increase profitability.  However, it also means a larger attack surface and a digital footprint that’s more expensive and challenging to maintain.  As a result, the researchers stated that RaaS developers are being forced to invest more in obfuscation and redundancy, which is hitting profits and reducing the amount of resources available for expansion.  Finally, RaaS shared services used to help affiliates with initial access, stolen data storage, negotiation management, and leak site support.  However, this required a large wage bill to support and ran the risk of malicious insiders infiltrating RaaS operator groups.  That means affiliates are increasingly required to handle initial access, stolen data storage, and negotiations alone, likely reducing their profits.

Infosecurity reports: "RaaS Groups Forced to Change Tack as Payments Decline"