Skip to main content

Report: 60% of orgs hit by ransomware-as-a-service attacks in the past 18 months

An image of a red computer screen with the words RANSOM written on it.
Image Credit: Suebsiri Srithanyarat / EyeEm

Join us in Atlanta on April 10th and explore the landscape of security workforce. We will explore the vision, benefits, and use cases of AI for security teams. Request an invite here.


According to a new report from U.K.-based cybersecurity company Sophos, ransomware-as-a-service attacks became more popular in the past 18 months. Of the hundreds of ransomware attacks Sophos investigated during that time, nearly 60% were perpetrated by ransomware-as-a-service groups.

Such attacks, where one group builds the malicious code and sells it to another group to use in the virtual breaking-and-entering of a vulnerable enterprise or organization, are growing increasingly sophisticated. Over the last two years, Sophos has observed a growing trend where malware developers lease their code to attackers to do the dirty work of breaking into an enterprise company’s network and holding its systems or data hostage until a ransom is paid.

The Conti brand of ransomware-as-a-service, which the FBI said in May had attacked 16 medical and first responder networks, was the most popular type of ransomware deployed during that time.

Pie chart. Ransomware families investigated by Sophos Rapid Response, 2020-2021. Conti infection rate portends the expansion of the RaaS model. Nearly four in five calls to Sophos Rapid Response service came as the result of a ransomware attack, and among those calls, Conti was the most prevalent ransomware we encountered at 16% of engagements. The next most frequent were the three Rs -- Ryuk, REvil, and Ragnarok -- who together accounted for the next 28% of attacks. Among the remaining 56% of incidents, we encountered ransomware under 39 different names.

VB Event

The AI Impact Tour – Atlanta

Continuing our tour, we’re headed to Atlanta for the AI Impact Tour stop on April 10th. This exclusive, invite-only event, in partnership with Microsoft, will feature discussions on how generative AI is transforming the security workforce. Space is limited, so request an invite today.
Request an invite

The report notes that some malware developers even create their own attack playbooks and make them available to their affiliates. As a result, different attack groups end up implementing very similar attacks. The more that specialist ransomware programmers outsource their malicious code and infrastructure to third-party affiliates, the more the size and scope of ransomware delivery methods will grow.

It is no longer enough for organizations to assume they’re safe by monitoring security tools and ensuring they’re detecting malicious code. IT teams need to understand the evolution of ransomware, and specifically the growing ransomware-as-a-service trend, in order to develop effective cybersecurity strategies for protecting their organizations in 2022 and beyond.

Sophos compiled the data in the report from a statistical analysis of the hundreds of ransomware attacks and hundreds of thousands of malware samples its threat researchers and response teams investigated in the past 18 months.

Read the full report by Sophos.

VB Daily - get the latest in your inbox

Thanks for subscribing. Check out more VB newsletters here.

An error occured.