The BlackRouter ransomware is being promoted as a Ransomware-as-a-Service (RaaS) on Telegram by an Iranian developer. The same developer has previously distributed another version of BlackRouter called Blackheart. The actor is also promoting a remote access Trojan called BlackRat that allegedly includes features such as encrypted communications, AV evasion, small size, plugins, a password stealer, the ability to enable RDP, configure a miner, and steal cryptocurrency wallets, and more. BlackRat is commonly distributed by hacking into Remote Desktop Services or through fake cracks and downloads.
Source: https://www.bleepingcomputer.com/news/security/blackrouter-ransomware-promoted-as-a-raas-by-iranian-developer/