Home » Blogs » An Example of RaaS

An Example of RaaS

Ransomware as a service fosters a new malicious model

Macbook Pro on Black Table

We touched on ransomware as a service not too long ago, and we’ll dive back into this growing model by taking a look at more prominent RaaS kits. This trend highlights an alarming growth in malicious activity because it takes a franchises approach towards viruses and malware attacks. There are several reasons. One is that it adds “legitimacy” for dark web markets. Two is that it makes ransomware far more prolific and accessible to threat actors. Three is that it streamlines the process for threat actors to deliver ransomware payloads since RaaS can provide materials for phishing schemes.

To help highlight this, we’ll take a look at XingLocker. According to TrendMicro, the XingLocker “team” focuses on Windows systems. TrendMicro’s investigative body also found XingLocker is a part of Mount Locker, a larger overall RaaS franchise.

It is indeed a strange thought, the idea that malware and related services are treated like shopping for normal products. This is the continued normalization of ransomware, despite the disastrous effect it has on people. Facing that reality and normalization is a key component to defending against it.


The significance of XingLocker operated by Mount Locker demonstrates another problem: that by expanding the RaaS “franchise,” detecting and investigating their origins creates more difficulties.

TrendMicro notates the importance because it determines a difference in how XingLocker seeks profit and generates income. Doing so can potentially allow for better ransomware detection while understanding how RaaS models will attempt to operate in the future.

The workflow appears to be thus: third-parties purchase services offered by XingLocker (or Mount Locker). Those resources include kits which could contain anything from phishing email templates to lists of targets (paying more gets you more). Once they get their tools, they’re free to deploy them as desired. What does this get the ransomware gang? Brand recognition. Meaning, they’re likelier to get business from threat actors looking to get into the ransomware game.

More customers means additional threats and dangers.

Best offense is a good defense

In matters like these, the proactive thing to do is adopt good ransomware defense strategies. Some of those strategies are:

  • Configure monitoring for unusual activity, namely ports, network connections, and user activity. Only allow privileged access when necessary to the correct parties.
  • Maintain a segmented network and assure lateral movement in your network is difficult in case of a breach.
  • Educate your workforce and make routine assessments about business readiness, adjusting as needed. It’s best to emulate the “worst possible scenario” to gauge your recovery times. You should be conducting penetration tests as a general rule of thumb.
  • Conduct a full-scale audit to examine connected devices, storage units, and connections. Highlight any platform that isn’t secure.

If you’re concerned even with these precautions in place, you may need additional assistance from a managed service provider. You can contact Bytagig today for additional information.

Share this post: