Ransomware as a Service (RaaS)

Subscription-based applications have changed the software market, including the illicit software market. Ransomware as a Service, or RaaS, means that threat actors don’t have to code their own ransomware; they can simply buy it from another cybercriminal. This means that any threat actor who wants to can launch a ransomware attack, no matter their technological skills.

How Does Flare Address Ransomware Readiness? 

RaaS gangs gain access to your environments by taking advantage of data leaks, looking through sensitive information in stealer logs sold on Genesis Market, Russian Market, and both public and private Telegram groups. 

Flare provides continuous monitoring of any stolen information with automated monitoring across the clear & dark web, prioritized alerts, and autonomous remediation. This includes monitoring for stealer logs, especially those that contain access to RDP, VPN, and SSO credentials that could lead to a compromise of your data.

What are the key benefits of ransomware monitoring and readiness with Flare?

  • Flare automatically monitors for external threat exposures, allowing for significantly reduced time in remediating any risks.
  • Flare is able to quickly contextualize and summarize threat actor activity so that your security team can act as soon as possible.
  • Flare notifies you about any risks that need to be mitigated, allowing your security team to spend their time and resources on more complex tasks. 

Ransomware as a Service: An Overview

What is Ransomware as a Service? 

RaaS is a cybercrime business model in which threat actors who develop ransomware sell their malware to other threat actors who then distribute it. It’s a variation of the broader Malware as a Service (MaaS) market. In fact, it’s a sizable chunk of that market; ransomware made up 58% of the MaaS sold between 2015 and 2022.

How does the RaaS business model work? 

There is a range of RaaS revenue models. Some are straightforward subscriptions, while others don’t require any upfront costs; the user pays after a successful attack.

  • Affiliate programs: Users pay a monthly flat fee for access to the ransomware. The RaaS takes a cut of every successful ransom.
  • Profit-sharing: The user purchases a license and the proceeds are split between all users and operators. 
  • One-time license: Users make one payment for access to the RaaS. They do not have to share profits. 
  • Percentage split: Rather than paying for a license, the user splits the profits with the RaaS operators after an attack.

What is the history of the RaaS model? 

RaaS isn’t new. The first recorded instance of Ransomware as a Service is from 2012, when Reveton, also called the FBI virus, locked victims out of their computers with a message claiming to be from the FBI or local law enforcement and demanding a fine. Reveton was the first to offer its ransomware as a product, and it operated as a business, offering updates and options for customization. Since then, RaaS gangs have exploded, as has the number of ransomware attacks.

Why is it Important to Understand Ransomware as a Service Right Now? 

How prevalent is ransomware?

The RaaS model might not be new, but the growth of the Ransomware as a Service industry has certainly contributed to the dramatic rise in ransomware attacks. According to Verizon’s 2023 Data Breach Investigations Report (DBIR), ransomware is now the second most used attack vector and is present in a quarter of all data breaches. In 2023, ransomware was the second-most prevalent attack method in data compromises as well. With sophisticated ransomware at the fingertips of almost anyone who wants it, increasing numbers of organizations will find themselves the target of ransomware attacks.

How is ransomware delivered? 

Most ransomware is delivered as part of a phishing attack; a bad actor uses a fake message to trick an insider into clicking a suspicious link or downloading the ransomware in an innocent-seeming file. However, ransomware can also be inserted into a network by a threat actor who has hacked into a system.

What is the impact of RaaS? 

Because RaaS makes ransomware available to a larger group of criminals, it enlarges your attack surface. Businesses are then exposed to several risks, financial and reputational. Some of the financial costs may include the following: 

  • Disruption of operations
  • Regulatory fines
  • Litigation costs
  • Expenses associated with remediation efforts
  • The ransom fee, or fees, if the organization chooses to pay

How can you protect yourself from RaaS gangs? 

To counter RaaS gangs and ransomware in general, it’s important that organizations adopt a proactive cybersecurity stance. This means using a multifaceted strategy that includes technology, threat intelligence, education, and good cyber hygiene practices.

RaaS and Flare

Flare provides the leading Threat Exposure Management (TEM) solution for organizations. Our technology constantly scans the online world, including the clear & dark web, to discover unknown events, automatically prioritize risks, and deliver actionable intelligence you can use instantly to improve security. Ransomware as a Service (RaaS) puts ransomware, one of the most disruptive types of malware, into the hands of anyone willing to pay for it. 

With Flare Supply Chain Ransomware Exposure Monitoring, gain unique visibility and proactive security across your extended supply chain to efficiently mitigate threat exposures that exist within ransomware data leaks. Learn more by signing up for our free trial.
