What is Ransomware-as-a-Service?

What is Ransomware-as-a-Service?
Ransomware is a type of malware that encrypts a victim's files, holding them hostage unless the victim pays a ransom for their decryption.

Anyone can conduct a ransomware attack

Ransomware-as-a-Service (RaaS) emulates the Software-as-a-Service (SaaS) business model, whereby the software provider (in this case, the ransomware developer) leases their software (the ransomware) to customers (other cybercriminals).

How to put in place Cloud backup best-practices to avoid data loss
Detect cyber-crime early with APEX® Advanced Threat Detection
Cyber Essentials Certification: What it is and why your business should get it

It represents a low-risk, high-reward opportunity for criminals, as very little effort and almost no technical knowledge are required to deploy an attack. For these reasons the model has proliferated cybercrime. Over 60% of all known ransomware attacks in 2020 have been attributed to RaaS models, according to Greenbone.

How the RaaS model works

The RaaS model provides interested cyber attackers with minimal to no technical skill with extensive training, reference materials and malicious code that can be used to launch a ransomware attack.

Similar to legitimate businesses, RaaS providers use a range of revenue models:
  • Monthly payment (subscription model)
  • Partner programs, in addition to the subscription model there are profit-sharing schemes
  • One-time license fee
  • Profit sharing only
An example is the Satan RaaS Platform, which is available over the dark web and enables customers to launch customizable ransomware attacks at wide scale. Novice attackers are able to subscribe to the Satan platform and launch their own attacks on their targets, all for a 30% cut of their gains paid to the providers.

Prominent RaaS examples and the bounties gained

  • DarkSide – Best known for the May 2021 ransomware attack on the Colonial Pipeline in the U.S., which temporarily shut down 45% of East Coast fuel supply and earned the hackers a $4.4 million ransom payment.

  • REvil (aka Sodinokibi) – From a financial perspective, it's most successful attack was the one it launched on Brazil-based meat processing company JBS S.A., which earned the ransomware developer and its affiliates around $11 million.

  • Ryuk – Ryuk’s code targets the Microsoft Windows cyber-systems of large public entities, either through phishing campaigns that contain links to malicious websites or attachments with the malware. Ryuk made $61 million from ransoms in 2018-19, according to the FBI.
    • Tags