Secureworks research shows two ransomware operators offering multiple business models with ransomware-as-a-service, mimicking the structures and processes of legitimate businesses.
April 24, 2025 By Alexander Culafi
The ransomware-as-a-service model is perpetually troubling for dropping the barrier to entry for aspiring ransomware actors, and two threat actors are innovating in the space with additional affiliate models.
Extended detection and response vendor Secureworks (owned by Sophos) published research today detailing expanded affiliate models belonging to ransomware-as-a-service (RaaS) gangs DragonForce and Anubis.
As a model, ransomware-as-a-service (RaaS) has gained significant popularity in recent years. A threat actor typically sells or leases many of the tools a less experienced cybercriminal (or affiliate) would need to conduct a ransomware attack; the affiliate typically shares the proceeds from subsequent attacks with the operator.
