From news.sophos.com
The transition to a service model of doing business transformed ransomware, giving its developers the ability to focus on features, and leaving the harder part – the break-in and deployment to the target’s computers – to its customers, threat actors who employ a wide range of attack styles, software, and expertise to the task.
One of the ransomware-as-a-service (RaaS) we encounter most frequently, known alternately as Sodinokibi or REvil, is as conventional a ransomware as we’ve seen: Its routines, configuration, and behavior what we’ve come to expect from a mature family that’s, obviously, well used in the criminal underground.