Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

NordVPN

Online security and privacy

NordPass

Password management

NordPass Business

Business password solutions

NordLocker

Encryption with cloud storage

Blog How-To

The dangers of ransomware as a service (RaaS)

What if initiating a cybercrime was as easy as ordering a new t-shirt online? Thanks to “ransomware as a service”, that may now be the reality. Ransomware as a service (or RaaS) is way more accessible than you think, and it has become one of the top online risks. Learn what it is and how to protect yourself.

Paulius Ilevičius

Paulius Ilevičius

Jan 20, 2022 · 3 min read

facebook Facebook
twitter Twitter
Copy link Copy link
The dangers of ransomware as a service (RaaS)

What is ransomware as a service?

RaaS (or ransomware as a service) is a service that allows users to use already-developed ransomware tools and execute ransomware attacks. RaaS is like an evil version of the software as a service (SaaS) model. It enables lay users to lock their targets’ data and demand ransom without much technical knowledge.

How does ransomware as a service work?

RaaS mimics the model of other online services. Developers create ransomware tools with high chances of success. Then they modify them to serve a multi-user infrastructure. Various affiliates then sell the software to end users on the dark web. This enables users without much technical knowledge to initiate ransomware cyberattacks by simply signing up for the service and using the tools.

All cybercriminals need to do is find a service that suits their purposes and sign up on its website. Then they simply select the type of tool they wish to use and pay with cryptocurrencies. Users can then initiate attacks, receive all the guidelines and the necessary documentation to proceed, and even track the progress of their malicious activities.

Sometimes the user friendliness and availability of RaaS services are surprising. Some even have customer service, various discounts, bundle offers, and customer reviews. They are also relatively affordable.

Here are a few types of RaaS business models:

  • Hostile entities use the software but then pay a percentage of their extorted money to the RaaS service operators.
  • One pays a flat fee for a subscription.
  • Cybercriminals pay a one-time fee and use the ransomware whenever they want.
  • Customized or personalized profit-sharing schemes may be available depending on the scheme used by a service.
Related articles
News · 3 min read Hacker who sent death threats to children receives jail time By Aurelija Andriekutė · Sep 25, 2020
News · 4 min read What is Pysa ransomware? By Karolis Bareckas · Dec 14, 2021

Ransomware as a service examples

  • DarkSide. DarkSide is one of the most notorious RaaS operators and is responsible for the Colonial Pipeline hack, one of the worst ransomware attacks to date. It targets mostly Windows users, but recently, it has expanded to Linux. It was especially active in 2021.
  • Dharma. While Dharma has been known since 2016, it started operating as a RaaS provider only in 2020. Dharma attacks have been linked to Iranian cybercriminal groups and are usually financially motivated. The service is not centrally controlled, and its variants come from many sources. There is also little known about who is behind Dharma due to the identical nature of its attacks.
  • REvil. REvil is another infamous RaaS operator. It was very active throughout 2021. It initiated attacks on American meat producer JBS, Kaseya, and CNA, a cyber insurance company. REvil informs victims about their attacks via their own blog. They are also behind one of the largest known ransom demands in history — 10 million dollars.
  • LockBit. LockBit first emerged as a virus that encrypted user files. However, it later became a RaaS operation. It has a distinct ability to automatically self-propagate to target networks, which makes it attractive to cybercriminals.
  • Maze. Maze not only encrypts user data but also threatens to make it public. Maze was shut down in 2020 for reasons unknown. But the people behind the attack most likely created other RaaS initiatives.

How to prevent ransomware as a service

Here are a few tips on how to prevent or at least minimize RaaS damage:

  • Don’t click on suspicious links, banners, or attachments.
  • Avoid downloading content from dodgy websites because you can get some unwanted surprises if you do.
  • Always be aware and informed to avoid phishing attacks and other social engineering attempts.
  • Monitor and validate all your connection requests.
  • Regularly update your software.
  • Regularly back up your data so that you won’t lose it in a ransomware case. We recommend also using external hard drives rather than just cloud storage.
  • Make sure you use premium security software.

Should you pay the ransom?

There is no 100% correct answer to this question, but most law-enforcement agencies advise not paying a ransom. In some countries, it is even illegal to pay the ransom.

facebook Facebook
twitter Twitter
Copy link Copy link
Paulius Ilevičius
Paulius Ilevičius success Verified author
Paulius Ilevičius is a technology and art enthusiast who is always eager to explore the most up-to-date issues in cybersec and internet freedom. He is always in search for new and unexplored angles to share with his readers.
Next article
Next read Is my phone listening to me? Karolis Bareckas · May 10, 2022

Trending articles

Trending article
News · 3 min read Could the Russia-Ukraine war be causing a drop in cybercrime? Daniel Markuson · May 16, 2022
Trending article
News · 4 min read Maze ransomware: all you need to know Charles Whitmore · May 16, 2022
Trending article
In Depth · 3 min read Is APKPure safe to use? Paulius Ilevičius · May 13, 2022
Trending article
How-To · 7 min read Is my phone listening to me? Karolis Bareckas · May 10, 2022