As we wrote about in our ransomware series, ransomware is big business. It has evolved to the point where business models for Ransomware as a Service (RaaS) have been developed to maximize monetary gain in the use of this malicious software. Much like how legitimate software developers lease Software as a Service (SaaS) products to customers, ransomware developers have begun to create an economy around the leasing of ransomware variants to malicious “clients”.

This particular service provided by cyber criminals has proven to be extremely lucrative as it allows the creators of the malware to enlist more “distributors” of their ransomware while being able to take a cut of each ransom, similar to royalties. The increase of recent ransomware attacks we have seen over the last five years can be directly attributed to the rise of RaaS. What was formerly a linear attack model has evolved into a multi-faceted and quickly deployable attack service that almost anyone can purchase, and thus utilize.

In short, RaaS is a subscription-based model like SaaS, and it enables their “clients” to utilize and deploy complex ransomware variants and tools for launching ransomware attacks.

The advent of RaaS has lowered the barrier to entry for threat actors with malicious intent. RaaS allows individuals and groups with little technical knowledge to launch their own ransomware attacks. With the economies of scale now achieved in this model, malicious actors lacking the time or skill to develop their own ransomware variants are able to easily purchase these “affordable” services to lower the cost and time it takes to attack organizations for monetary gain. The previous prerequisite of needing technical knowledge to launch a ransomware attack has more or less been completely removed.

In the same way that legitimate SaaS tools and services are advertised on the internet that we all see, RaaS services and tool kits are openly advertised on the dark web making them easy to find if you know where to look. To further lower the barrier to entry, many RaaS developers on the dark web provide 24/7 support, bundled offers and discounts, and even user reviews and forums. The evolution of RaaS has greatly lowered the complexity of enacting malicious actions such as ransomware attacks, and we have seen an increase in these attacks at an alarming rate.

RaaS has made it so that anyone can launch their very own ransomware attack simply by using these services found on the dark web. The threat actors are no longer only the people that are capable with the technical know-how. Disgruntled employees can easily become an internal threat actor with the advent of RaaS.

In conclusion, the rise of RaaS solutions have lowered the three barriers to entry of launching a malicious ransomware attack: cost, technical know-how, and time. RaaS and its maturing ecosystem has resulted in continued proliferation of ransomware attacks that are causing more and more damage to businesses and critical infrastructure around the world.