Report: 60% of organizations affected by ransomware-as-a-service attacks within the last 18 months

According to a new report from the British cybersecurity company Sophos, ransomware-as-a-service attacks have become more popular over the last 18 months. Of the hundreds of ransomware attacks that Sophos investigated during that time, nearly 60% were committed by ransomware-as-a-service groups.

Such attacks, in which one group builds the malicious code and sells it to another group for use in the virtual hacking of a vulnerable company or organization, are becoming increasingly sophisticated. Over the past two years, Sophos has observed a growing trend where malware developers lease their code to attackers to perform the dirty work of breaking into a corporate corporate network and holding its systems or data hostage until a ransom has been paid.

The Conti brand of ransomware-as-a-service, which the FBI said in May had attacked 16 medical networks and first responder networks, was the most popular type of ransomware implemented during that period.

Pie chart.  Ransomware families surveyed by Sophos Rapid Response, 2020-2021.  The conti infection rate heralds the expansion of the RaaS model.  Nearly four out of five calls to Sophos Rapid Response service came as a result of a ransomware attack, and among those calls, Conti was the most prevalent ransomware we encountered at 16% of exposures.  The second most common were the three Rs - Ryuk, REvil and Ragnarok - which together accounted for the next 28% of the attacks.  Among the remaining 56% of incidents, we encountered ransomware under 39 different names.

The report notes that some malware developers even make their own attack playbooks and make them available to their affiliates. As a result, different attack groups end up implementing very similar attacks. The more specialized ransomware programmers outsource their malicious code and infrastructure to third-party affiliates, the more the size and scope of ransomware delivery methods will grow.

It is no longer enough for organizations to assume that they are secure by monitoring security tools and ensuring that they detect malicious code. IT teams need to understand the evolution of ransomware, and specifically the growing ransomware-as-a-service trend, to develop effective cybersecurity strategies to protect their organizations in 2022 and beyond.

Sophos compiled the data in the report from a statistical analysis of the hundreds of ransomware attacks and hundreds of thousands of malware samples that its threat researchers and response teams have examined over the past 18 months.

Read the full report from Sophos.


VentureBeat’s mission is to be a digital marketplace for tech makers to learn about transformative technology and trade. Our site provides essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to join our community to access:

  • updated information on topics of interest to you
  • our newsletters
  • gated thoughtful content and reduced access to our valued events, such as Transformation 2021: Learn more
  • networking features and more

sign up

Leave a Comment