Ransomware-as-a-Service (RaaS) operations are experiencing significant turmoil. Major players like Black Basta and LockBit have collapsed due to internal issues and external pressures. Black Basta fell apart after internal chat logs leaked, revealing that some operators were scamming victims by not providing working decryption keys. This betrayal shattered trust within the group, leading to its downfall. LockBit's situation was even worse; after a breach exposed its affiliate panel, sensitive data, including nearly 60,000 Bitcoin addresses and thousands of victim negotiation messages, became publicly available. Such leaks provide valuable insights for cybersecurity professionals, exposing the inner workings of these operations. In the wake of these collapses, new competitors like DragonForce have emerged, adopting more sophisticated business models. DragonForce not only offers competitive profit splits—80% to affiliates compared to the traditional 70%—but also integrates an access broker marketplace directly into its operations. This allows affiliates to connect quickly with suppliers, streamlining the process from access acquisition to ransomware deployment. The platform's approach represents a vertical integration of the attack chain, reducing the time between negotiation and attack, which poses a new challenge for cybersecurity teams. Other newcomers are also making their mark, with varying levels of sophistication. The Gentlemen, for instance, has launched a high-end RaaS program targeting experienced pentesters and promising 90% of ransom payments to affiliates. Their technical setup is advanced, employing robust encryption methods to secure their ransomware. In contrast, ShadowByt3$ has entered the scene with a more basic offering, charging a $250 fee for affiliates lacking corporate access. This wide spectrum of new players highlights the intense competition for talent in a fragmented market, as affiliates seek better opportunities amid the chaos of collapsing legacy groups.