What is Ransomware-as-a-Service (RaaS)? | EasyDMARC


Ransomware is one of the most common types of malware worldwide. It blocks a user’s access to their data and demands a ransom to restore access. Ransomware targets individuals and businesses alike.

Nevertheless, Sophos research indicates that only one in 10 companies get their data back after paying the ransom.

Despite being relatively new in the cyberattack industry, ransomware is on a steep upward trend, and its reach keeps expanding.

If it’s your first time hearing about ransomware, read our complete guide to learn more. In the meantime, this article covers ransomware as a service (RaaS) and its major impact on businesses. 

What is RaaS?

RaaS isn’t merely another cyberattack. It’s an evolved model that has turned into a service as well. But what is Ransomware-as-a-Service, precisely? 

RaaS (Ransomware-as-a-Service) is a subscription-based model that enables inexperienced cybercriminals to use pre-designed malware tools to implement ransomware attacks. Cyberattackers usually receive high dividends from any successful ransom payment.

In some ways, RaaS is similar to SaaS (Software-as-a-Service): you don’t need any specific skills to use it. That’s why it’s now far easier for cybercriminals to execute sophisticated attacks using RaaS solutions.

How Does Ransomware-as-a-Service Work?

Ransomware tools are generally developed by seasoned experts who later sell them to affiliates on secure dark web platforms.

After development, the ransomware tool is adapted to a multi-user infrastructure. Cyberattackers must get permission to use it. Signup is commonly available for a one-time fee, a monthly subscription, or a commission.

Once the cyberactor accesses the software, they’re provided with a step-by-step guide on how to carry out a ransomware attack. Cybercriminals can also track the progress of their ransomware infection attempts through a dedicated dashboard.

New cyberactor signups are given custom exploit code to implement their ransomware attacks. This code is later submitted to the hosting website so that RaaS users can launch their attacks.

When Did Ransomware-as-a-Service Start?

While ransomware is nothing new, the first RaaS model, Ransom32, was compatible with various operating systems. Because it was developed in JavaScript, HTML, and CSS, it can infect Linux and macOS, too.

Ransom32 encrypts client-side files with few resources. Any hacker can register on Tor using a Bitcoin address, then configure and download their own version of Ransom32. Developers typically take 25% of a ransom payment and direct the remaining amount to the ransomware users. 

Is RaaS a Crime?

Yes. Ransomware-as-a-Service, like ransomware itself, is illegal almost everywhere across the globe, as it involves not only capturing data but also demanding a ransom. Hackers commonly require victims to pay in Bitcoin, which is untraceable.

In 2014, the United States Internal Revenue Service declared Bitcoin to be property, not a currency, so its use is taxable. Accordingly, anyone demanding Bitcoin ransoms may be prosecuted for violating financial services laws and regulations.

Still, ransomware attacks haven’t been prosecuted because of the innate untraceable nature of the payment method. On the other hand, U.S. law enforcement officials encourage ransomware victims to report the attacks. 

As mentioned in recent research by the Congressional Research Service, the Computer Fraud and Abuse Act (CFAA) can be used to criminalize ransomware attacks.

Is RaaS Efficient?

Ransomware-as-a-Service is highly efficient as it simplifies the process of earning money by spreading malware. The affiliate programs that underlie RaaS make it more appealing to hackers. Developers use the dark web to sell or lease malware.

The Group-IB research shows that around ⅔ of ransomware attacks in 2020 were executed using the RaaS model. People are excited to use RaaS as it doesn’t usually require specific skills. The idea of earning money with ready-to-use software is an effective motivator.

The price of ransom is also increasing year by year. The average ransom demand in 2021 was $50m compared to $847,000 in 2020.

Many businesses underestimate the power of ransomware attacks and miss out on the installation of the latest software security patches. Any organization must consider RaaS as a significant threat to their data.

Ransomware-as-a-Service Examples

With many Ransomware-as-a-Service examples out there, we’ve highlighted two common types below:

  • LockBit started on September 29. This RaaS usually targets Russian-speaking users. It became popular in May 2020 when a cyberattacker threatened to publish data on a popular Russian-language criminal forum. The attacker used proof, like a screenshot of a document from the victim’s data, to force them to pay before the deadline passed. At least six victims have been exposed to this threat. 
  • REvil is also known as Sodinokibi. It became famous with one of the largest ransom demands on record: $10 million. It belongs to PINCHY SPIDER, a criminal group selling RaaS with affiliate models and obtaining 40% of the profits.

Why is it Dangerous for Your Business?

Even if a company is able and willing to pay the ransom, the complete return of its data is never guaranteed. You can never fully trust cybercriminals: they don’t always deliver on their promises to provide a decryption key and restore access to your documents.

For most RaaS attackers, it’s just a waste of time to supply all paying victims with a decryption key. They prefer to invest their time in seeking new victims. 

Businesses must take RaaS seriously and apply effective measures and detection techniques to stop any possible ransomware attack. 

How to Protect Against RaaS?

A number of protection methods exist against RaaS that organizations must consider using. We’ve highlighted some essential ones below.

  • Monitor your business ecosystem constantly to detect vulnerabilities in advance.
  • Educate your staff on RaaS and ransomware attacks.
  • Consider confidential data backup on external hard drives as cloud storage isn’t always reliable.
  • Use DKIM and DMARC to prevent any phishing attack on your domain.
  • Apply Software Restriction Policies (SRP) to prevent programs from running in locations commonly used by ransomware.
  • Never click on suspicious links. 

Final Thoughts

Early detection of any cyberattack, including ransomware, is vital for all businesses. RaaS is a fast-paced cyberthreat and hackers never fail to develop new techniques to achieve their goals. Hence, companies must invest a lot of time and effort in malware prevention. 

RaaS is a costly threat to businesses, and they still can’t be 100% sure if they’ll get access to their lost data ever again.

If you don’t want to put your business at risk of a ransomware attack, consider a permanent protection strategy against Ransomware-as-a-service.

Content Team Lead | EasyDMARC
Hasmik talks about DMARC, email security, and cyberawareness. She finds joy in turning tough technical concepts into approachable and fun articles in plain language.

