KillSec Offers RaaS Platform with DDoS and Data Stealer Tools for $250


June 27, 2024

World map

Ransomware operators KillSec have rolled out a new platform offering that touts an advanced locker written in C++, a denial-of-service (DoS) tool, and an advanced infostealer for harvesting sensitive data.

“Access to KillSec’s RaaS program is available for a fee of $250, aimed at ‘trusted individuals,’ with KillSec taking a 12% commission from any ransom payments collected. This pricing model highlights the group’s commitment to making advanced cyber weaponry accessible while maintaining a profitable partnership with their clients,” The Cyber Express reports.

Takeaway: The rise of Ransomware as a Service (RaaS) gangs mimics the more conventional Software as a Service business model in every meaningful measure.  

RaaS platforms like the one KillSec is offering greatly reduce the technical barriers to becoming a ransomware campaign operator. Essentially anyone with very basic network admin skills can spin up an attack campaign.

The ransomware economy involves multiple players who specialize in various aspects of the larger ransomware attack. These elements include:

  • Initial Access Brokers: Initial Access Brokers (IABs) are highly skilled specialists who are exceptionally good at penetrating and establishing a foothold within secure networks. IABs often sell access to these compromised networks to other threat actors, including ransomware affiliates. The deeper an IAB can penetrate a network, the more valuable their services become. Purchasing credentials and access is surprisingly easy and relatively inexpensive.
  • RaaS Platform Providers: Ransomware-as-a-Service (RaaS) operators provide the software platform and backend to launch attacks. They have development teams constantly improving their feature sets, they assist in negotiations during a successful attack, they manage customer service agents, market to new affiliates, and more all for a slice of the profits.
  • RaaS Affiliates: The actual ransomware attack is managed and executed by an affiliate; a person or group who plans and carries out the attack campaign. They obtain access via an IAB (or create their own), use a platform or toolkit from a RaaS operator, execute the attack, and then move the ransom dollars around to stay below the radar.
  • Crypto Exchange Money Launderers: The money launderers do just that – move illicit ransom payments through crypto exchanges with the intent to hide both the origins and the destination of the funds and then take a healthy fee for their services.  

The overall maturity, level of organization, and specialization within the ransomware economy means we are dealing with an adversary whose tactics, techniques, and procedures (TTPs) are approaching the sophistication of some nation-state-sponsored attackers.  

In many cases, there has been documented overlap between nation-state attack elements and those of cybercriminal ransomware gangs. Today's ransomware attacks are more complex and difficult to defend against than ever before.

The Halcyon team of ransomware experts put together this RaaS and extortion group guide as a quick reference guide based on data from throughout Q1-2024. You can access the full report and compare with previous quarters here: Power Rankings: Ransomware Malicious Quartile. is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.