The De-RaaSing of Ransomware

Since the appearance of GandCrab in 2018 ransomware groups have focused heavily on the affiliate model, Ransomware as a Service. Understandably, this has allowed RaaS operators to make a lot of money and given new Ransomware operators a point of entry. But, we are seeing a change in the way ransomware operators work. More of them are rejecting the RaaS model and preferring to work in smaller groups. The collapse of Conti accelerated this process, but it started before then. This talk will discuss this new phenomenon, how it happened and what it means going forward.