Raas

The Gentlemen ransomware, operated by Storm-2697 as a RaaS, employs a combination of strong per-file encryption with aggressive self-propagation to achieve broad network compromise, targeting Windows environments and using double extortion tactics.

Ransomware-as-a-service (RaaS) attacks leverage affiliates for initial access, persistence, and exfiltration, using varied techniques like compromised RDP, vulnerable VPNs, and rogue RMM tools, impacting multiple organizations in a single campaign.

VECT 2.0 ransomware, a RaaS offering, permanently destroys large files due to an encryption flaw, discarding decryption nonces for files above 128 KB, rendering them unrecoverable and effectively acting as a wiper; it uses raw ChaCha20-IETF with no authentication.