RaaS: How Ransomware as a 'Service' Increases Your Attack Risk

by Sebastiaan Bosman Blog 16 Nov 2020

We know Software as a Service as a model where organisations outsource parts of their digital infrastructure to third parties, for instance for the sake of improved user experience or increased security. Because it is a successful business model, it is not that shocking that something similar is happening in the world of cyber-crime. The people who know how to build ransomware sell their software on the dark web and offer it as Ransomware as a Service (RaaS), turning even rookie cyber-criminals into money-making hackers. How does it work, exactly? And what can you do to protect your systems?

What is Ransomware?

First, let’s define ransomware and explain what attackers try to achieve with it. Ransomware is a form of malware. Once it has nestled itself in your systems, it can encrypt parts of your data, or lock you out of your system altogether. The threat actors behind the attack then demand a ransom to give you the encryption key.

There have been cases where organisations paid the ransom and did retrieve their data. The threat actors calculate the ransom so that paying is a somewhat tempting option for their victim when compared to the cost and effort it takes to run a full digital forensic study and replace infected systems. That recovery can easily take many weeks and add up to a loss in the tens of millions, as it did for the company ISS World earlier this year.

However, there is no guarantee the criminals will actually give you the key, or that they haven’t installed more malware or some sort of back door.

Where does the ‘service’ come in?

Building the perfect ransomware is not easy. It takes time and skill to prepare, develop and weaponise the software. Instead of then carrying out the attack themselves, the developers also make money by offering the ransomware as a ready-made package on the dark web. This allows many more people to carry out a ransomware attack.

But that’s not all. The ‘S’ in RaaS comes from a newer development where people can subscribe to a cloud-based platform providing ransomware services. These subscribers spread the ransomware to their victims, while the developers control the software and execution of the attack.

Subscribers often pay a recurring fee for access to the service. The Intel 471 Malware Intelligence team writes that affiliates of RaaS provider REvil receive 60% to 70% of the ransom payment. The rest is kept by the ransomware group. 

How to defend against a ransomware attack

The difficult thing is that a ransomware attack can come from so many different directions. Whether it’s a social engineering attack, phishing campaign, or straight-up hack, the impact is immense.

Here, as with so many digital risks, prevention is certainly better than remediation. Threat actors will try to abuse vulnerabilities in your systems to gain access. That means you need to know which of your digital assets are at the biggest risk of being compromised.

The solution lies in a mix of understanding and predicting criminal activity online, and monitoring your own digital footprint to proactively prevent risks.

To get to the bottom of this threat, we are organising a webinar together with Intel 471. We will take a deep dive into the underworld of ransomware and bring risks and solutions to the surface. Learn how to avoid falling victim to a ransomware attack. Register for the free webinar here.


Sebastiaan Bosman is Content Marketeer at Cybersprint. With an educational background in Communications and Linguistics, he is responsible for creating and editing most of the internal and external communication. He writes content such as blogs, whitepapers, and case studies, primarily based on Cybersprint’s own research data. Previously, Sebastiaan worked as Content & Communications Advisor at ING Global.
