• Home
  • /Learn
  • /What is RaaS, a.k.a Ransomware as a Service?
background image


What is RaaS, a.k.a Ransomware as a Service?


Cybercrime as a service is a thriving dark web business, and RaaS, or Ransomware as Service, is one of the most popular services offered. By some estimates, the number of active RaaS providers has grown from just a handful in 2016 to over 50 in 2019. This growth is driven in part by the success of major ransomware attacks like WannaCry and NotPetya, which have generated millions of dollars in ransom payments for their attackers.

While RaaS providers make it easy to launch ransomware attacks, they typically do not provide any support or guidance on how to actually collect ransom payments. This leaves victims of RaaS attacks with little recourse but to pay the ransom or try to restore their data from backups.

Ransomware is among the top-five cybercrimes; reports suggest 2022 saw ransomware attacks rise by 13%, the highest in five years. This spike is attributable to the emergence of ransomware as a service (RaaS).  

What is Ransomware as a Service?

RaaS, or Ransomware as a Service, is a subscription-based model that allows affiliates to deploy ransomware attacks without having to develop their own malicious code. RaaS providers typically host their services on the dark web and offer easy-to-use tools that allow even novice attackers to launch sophisticated ransomware attacks.

In exchange, affiliates earn a cut out from each successful ransom payment. RaaS is similar to the SaaS (software as a service) model. Like SaaS, RaaS users don't need to be skilled or experienced coders.

RaaS empowers even the most novice hackers to execute highly sophisticated cyberattacks. RaaS developers pay their affiliates very high dividends, sometimes more than 80% of the ransom. 

The low technical barrier of entry and the tremendous earning potential of RaaS make it a lucrative model for many cyber criminals and organizations working in the shadows.

What is Ransomware?

The idea behind ransomware is simple: lock and encrypt a victim’s computer or device data, then demand a huge ransom to restore access with a decryption key. Attackers often threaten to delete or release the data if their ransom demands are not met.

Ransomware can be deployed in a number of ways, including through malicious email attachments, infected websites, and compromised software downloads. Once a ransomware attack is underway, it can spread quickly across an organization’s network, encrypting files on every computer it comes into contact with.

Ransomware is notoriously difficult to defend against, and even organizations with the strongest security defences can fall victim to a ransomware attack. As such, it’s important for businesses of all sizes to have a comprehensive backup and disaster recovery plan in place in case they do find themselves the target of a ransomware attack.

In April 2021, one of Apple’s business partners became a victim of a ransomware attack. The attackers demanded $50 million in exchange for a decryption key. The company refused to pay the ransom, and as a result, the attackers released some of the company’s internal data.

While paying the ransom may seem like the easiest way to regain access to your data, it’s important to remember that there is no guarantee that you will actually receive the decryption key after paying.

How does the ransomware as a service model work?

The RaaS model requires well-developed ransomware built by skillful operators to attract potential affiliates. Once the ransomware is ready, it is licensed to multiple affiliates. The revenue model for RaaS solutions mirrors SaaS’. Affiliates can either sign up with a one-time fee or a subscription. There are no monetary entry requirements in some places, and affiliates can sign up on a commission basis.

 Ransomware affiliates are guided through the documentation containing a step-by-step guide for launching attacks. Some RaaS distributors even provide affiliates with a dashboard solution to help them monitor the status of ransomware attacks. RaaS operators post affiliate openings on the dark web to attract affiliates. 

What can we do to protect against ransomware attacks via RaaS?

The risks and vulnerability differ from company to company. Here are a few proactive steps that can minimize the risk:

  • Ransomware penetration testing

    helps you evaluate the risks of such attacks beforehand.

  • Educate staff on how to identify phishing emails and respond appropriately.

  • Set up SPF, DKIM, and DMARC to prevent attackers from using your domain for phishing attacks.

  • Monitor the security posture of all vendors to prevent breaches.

  • Set up regular data backup sessions.

  • Do not solely rely on cloud storage; backup your data on local network hard drives.

  • Avoid clicking on suspicious links in emails.

  • Use antivirus and anti-malware software.

  • Ensure all your software is patched and updated.

  • Provide your staff and users with social engineering training.

  • Apply the principle of Least Privilege to protect your data.


Some of the world's top organizations have fallen prey to ransomware attacks despite an army of IT staff protecting the organization round the clock. Accenture had to deal with a ransomware attack in August 2021 and Acer in March 2021, with a ransom demand of $50 million.

As technology advances, the risk of cybercrimes like Ransomware attacks, too, rises. Enterprises must ensure a robust security infrastructure, stringent policies, and multiple checkpoints to minimize these risks.

 Packetlabs provides comprehensive ransomware penetration testing services to mitigate the risks. Connect with us to learn more about how we can help protect your company from ransomware attacks.

Ransomware Penetration Testing

Ransomware penetration testing evaluates the preparedness and risk of a ransomware attack. In addition to a complete analysis of the security program against the Cybersecurity Framework Profile for Ransomware Risk Management (NISTIR 8374), and a technical assessment of security controls, a full penetration test is conducted to measure the robustness of your systems.