What is RaaS (Ransomware as a Service)?

As the number of attacks grows day by day, ransomware is now being offered as a service. In this article, we explain both ransomware and RaaS.


Erdem Yasar
August 2, 2022

Table of Contents

  • What is Ransomware?
  • What is Ransomware as a Service?
  • How does Ransomware as a Service work?
  • Examples of Ransomware as a Service
  • FAQ
    • Is Ransomware as a Service illegal?
    • What was the first Ransomware as a Service?

What is Ransomware?

Ransomware is a type of malware that prevents victims from accessing their data, such as files, databases, or applications, by encrypting it and holding it for ransom. It can easily spread across a network and targets critical databases and file servers. This process can halt the operations of the target organization. The attacker demands a ransom from the victim in exchange for restoring access. It has recently become one of the most common cyber attacks, generating billions of dollars in payments to cybercriminals.

Most hacker groups demand ransom in cryptocurrencies. The severity of these attacks has caused various companies to shut down due to high ransom demands. Ransomware is currently the biggest cyber threat, especially for organizations that depend heavily on digital infrastructure.

Most government agencies advise against paying the ransom, since payment encourages these criminal groups. However, a halt in operations can drive an organization into bankruptcy, so most organizations prefer to pay. Research shows that approximately 50% of victims who pay the ransom face another ransomware attack soon afterwards, especially if they didn’t mitigate the vulnerabilities that caused the incident or didn’t clean the malware from the system.

Ransomware gangs mostly use asymmetric encryption. This method creates two keys, one for encryption and one for decryption, uniquely generated by the attacker for the victim. Without the private key, it is almost impossible to decrypt the encrypted files. Once the ransom is paid, the attacker shares the private key with the victim, allowing them to decrypt and access the files. Recently, some ransomware gangs have also started to steal sensitive information before encrypting it.

If the organization refuses to pay the ransom, the gangs threaten to leak the stolen files online to put the organization in a tough spot. Leaking users’ sensitive information online can lead to serious lawsuits and can drastically damage the organization’s reputation.

What is Ransomware as a Service?

RaaS, which stands for Ransomware as a Service, is a business model in which affiliates pay ransomware operators to launch attacks on targets. It can be considered a type of software as a service model. Anyone who pays for RaaS services can launch an attack on the target they prefer without any technical skill or knowledge. Ransomware operators provide RaaS kits to affiliates, allowing them to use the service. Also, similar to legitimate solutions, operators give affiliates a panel for creating their ransomware package and a command and control dashboard.

Just like legitimate services, RaaS services come with 24/7 support, bundles, user reviews, a community board, and some other features depending on the provider. Prices for these kits range from less than $100 to thousands of dollars. Most ransomware gangs demand at least millions of dollars in ransom from victims.

RaaS services can be found easily on both the dark web and the legitimate web. The providers advertise their offerings on multiple websites and can offer discounts or extra features to attract more customers. RaaS arrangements mostly come with four revenue models:

  • Monthly subscription: The affiliate pays a monthly flat fee and earns a small percentage of a successful ransom.
  • Affiliate program: In this model, the operator gets a small percentage of the profits.
  • One-time license: The affiliate pays a one-time fee and doesn’t share the profit with the operator.
  • Profit sharing: Profits are divided among affiliates and operators according to the percentage both sides agreed on prior to attacking.

How does Ransomware as a Service work?

In Ransomware as a Service, the developer of the ransomware creates malware that is purpose-built with a cloud-native architecture so that it can support multiple end users and licensing schemes. When the payment is made, mostly in Bitcoin, the operator starts the campaign and infects the victim. In most cases, operators use phishing and social engineering to trick users so that the malware can be deployed.

Once the malware is executed, the data in the victim’s system becomes encrypted and basically useless. The operator then displays a message to the victim that includes instructions for paying the ransom. After that, the operator waits for the victim to send the ransom or contact them. If the victim pays the ransom, the money is divided according to the agreement between the affiliate and the operator.

Most RaaS services include either compiled ransomware or its source code, customization tools for the ransomware, other malicious tools capable of extracting data before encryption, an infrastructure purpose-built to manage the ransomware, a control panel, 24/7 technical support, a forum or some other platform for exchanging information, and instructions.

Examples of Ransomware as a Service

Some of the most notorious ransomware is available as a RaaS on the dark web. Some well-known RaaS kits are REvil, Dharma, LockBit, Conti, Maze, Encryptor, Goliath, Jokeroo, Locky, Shark, and Stampado.

A well-known example of ransomware as a service is REvil, which was used to attack Kaseya in 2021.

Dharma is also a very common RaaS, which emerged in 2016.

Another well-known RaaS operation is DarkSide, which mainly focused on Windows systems and then expanded to Linux. The FBI stated that the Colonial Pipeline attack was carried out by the DarkSide group.

LockBit has also been a very notorious RaaS service since late 2019. The gang leaks data on a popular Russian criminal forum.

Another service, named Maze, is known for threatening to share victims’ stolen data publicly.

FAQ

Is Ransomware as a Service illegal?

Just like hacking a system and encrypting its data, paying someone to do it is also a crime. Since ransomware as a service is illegal, most ransomware gangs use the dark web and are extra careful when it comes to contacting affiliates. Payments are made in cryptocurrencies, which makes it even harder to track these cybercriminals. However, we have also seen many ransomware gang members getting arrested. In short, paying someone to launch a cyber attack is a crime and can end up in serious lawsuits.

What was the first Ransomware as a Service?

Although ransomware dates back to the late 1980s, RaaS is a relatively new model. The first known ransomware was the AIDS trojan, released on a floppy disk in 1989. It demanded $189 from its victims, which was to be sent to a post office box in Panama. The first RaaS service is believed to be Dharma. The ransomware initially emerged in 2016 as CrySis. It has been available on the dark web since 2016 and is associated with remote desktop protocol attacks.

Erdem Yasar

Erdem Yasar is a news editor at Cloud7 News. Erdem started his career by writing video game reviews in 2007 for PC World magazine while he was studying computer engineering. In the following years, he focused on software development with various programming languages. After his graduation, he continued to work as an editor for several major tech-related websites and magazines. During the 2010s, Erdem Yasar shifted his focus to cloud computing, hosting, and data centers as they were becoming more popular topics in the tech industry. Erdem Yasar also worked with various industry-leading tech companies as a content creator by writing blog posts and other articles. Prior to his role at Cloud7 News, Erdem was the managing editor of T3 Magazine.
