Looking beyond the “older” RaaS threat groups like Ryuk, DoppelPaymer, and Revil, today’s modern ransomware-as-a-service operator is far more business-like and specific in execution.

This now nearly 5-year old cyberthreat model empowers just about anyone wanting to be a would-be cyber-thug to jump in and use some very powerful and sophisticated tools to accomplish what only those with extensive development backgrounds could achieve. Most news stories focus on the more “successful” ransomware families, but a new article from cybersecurity vendor Avast showcases Darkside (a spinoff of Revil from back in 2020) – and it’s worth a read.

The newest trend in ransomware attacks is specificity; industry verticals, business sizes, victim titles and roles, social engineering themes and TTPs – and Darkside as them all.

According to Avast, Darkside is a great representation of the modern ransomware threat group:

  • They refine their victim target list, looking for the greatest ability to pay large ransoms
  • They do a ton of diligence on who to target and customize delivery for each attack
  • Their approach to operations is far more corporate-like than a bunch of developers that built some affiliate-friendly ransomware and posted it to the dark web

The fact that a cybercriminal organization like this exists is troubling; the more organized the bad guys get, the more likely their chances of successfully attacking your organization. And with the added “as a service” factor, this concern should be multiplied ten-fold.

Remember, one of the most effective ways to thwart ransomware attacks using phishing as the initial attack vector is through Security Awareness Training which empowers users to identify suspicious email content before interacting with it, stopping the attack in its tracks.