Ransomware-as-a-Service: Demanding ransoms has never been easier or more lucrative

• Author:
• Author name

  Quantumrun Foresight
• February 5, 2022

Insight summary

Ransomware-as-a-Service (RaaS) is a criminal model that allows affiliates to use pre-made ransomware tools to launch attacks, earning a commission for each successful ransom payment. These attacks, often initiated through deceptive phishing emails, can lead to significant disruptions and hefty ransoms, with cybercriminals taking advantage of the widespread availability of international cloud infrastructure. The rise of RaaS has led to various implications, including the need for stronger governmental task forces, increased cybersecurity investments, and a shift towards a more privacy-conscious society.

Ransomware-as-a-Service context

RaaS is a criminal offshoot of the lucrative Software-as-a-Service (SaaS) business model that was developed by cybercriminals. RaaS makes it possible for affiliates to use already developed, off-the-shelf ransomware tools purchased on the black market to carry out a ransomware attack, something that only used to be possible for tech-savvy malware developers. In some cases, the cybercriminal RaaS developers earn a commission upon each successful ransom payment generated from their ransomware. 

Cybercriminals who adopt the RaaS business model are generally referred to as “ransomware gangs.” RaaS developers are responsible for the building, selling, or leasing of ransomware while affiliates are responsible for distribution (i.e., infecting target networks with malware). For a successful attack using the RaaS model, skilled developers and ransomware operators would need to employ their expertise in coding ransomware or selling an already existing one to affiliates. By signing up and subscribing for the service, affiliates gain the license to distribute the malware for a commission upon the successful extortion of ransom from a victim. 

RaaS initiated ransomware attacks are most commonly delivered through phishing emails. Phishing emails aim to appear as normal emails from clients or colleagues but they include links that if clicked, give the attackers access to your network. By breaking down your firewalls, the ransomware can then encrypt and download your sensitive information and leverage that access or control to demand a ransom for returning stolen information or returning system access. 

Disruptive impact

The RaaS model is an effective form of criminality and growing rapidly for several reasons. Cybercriminals can launch cyberattacks without having to develop ransomware by themselves. They can also recruit eager affiliates to distribute their “services.”

Well-organized ransomware gangs can demand as much as seven-figure ransoms from their victims, which in 2020 have included international meat producers and global technology companies. Additionally, the exponential growth in the availability of international cloud infrastructure provides cybercriminals with a standard environment to launch attacks from any part of the world, with little to no fear of extradition.

Laws and regulations may not be enough to eliminate ransomware attacks. Accordingly, individuals and organizations are increasingly prone to cyberattacks and should consider taking proactive measures to mitigate the risk of attack. By establishing defenses, continuously monitoring digital ecosystems for vulnerabilities, and educating staff on how to detect phishing emails, individuals and companies may be able to protect themselves from becoming victims.

Implications of ransomware-as-a-service 

Wider implications of RaaS may include:

• Governments establishing or strengthening dedicated task forces or agencies to safeguard against and resolve ransomware incidents.
•  Governments and top digital companies developing new online solutions, standards, and protocols to modernize cybersecurity utilizing a top-down approach.
• An increase in cybersecurity investments, resulting in a shift in economic resources towards the development and deployment of advanced security measures.
• Individuals becoming more cautious and educated about their digital footprints, leading to a more privacy-conscious society.
• Older generations being more susceptible to such attacks due to a lack of technological literacy, leading to a greater need for digital education across all age groups.
• The energy consumption of data centers increasing due to the need for more computational power to counteract these threats, leading to a rise in carbon emissions.
• An increasing number of sophisticated cyberattacks that can disrupt essential services.

Questions to consider

• What considerations should victims of ransomware review before paying a ransom? 
• How would you handle a ransomware attack if you were to become a victim?