Tuesday 22nd June 2021

BLOG: How Ransomware-As-A-Service Works

Ransomware as a Service (RaaS) is an implementation of the Software as a Service (SaaS) business model. As with each SaaS solution, RaaS users do not need to be competent to proficiently use the tool. This subscription-based model allows associates and affiliates to utilise ransomware tools that have already been developed and established to execute ransomware attacks. Successful ransom attacks carried out through this way provide affiliates with a percentage of each ransom payments.

Highly regarded RaaS developers create software with a high chance of success and a low chance of detection. When the ransomware is developed, it is then altered and adapted to a multi-end user infrastructure. The software is then ready to be licensed to multiple affiliates. RaaS is available over the dark web. Creators can earn money for writing and adapting code, whilst attackers can rent attack software.

To recruit affiliates, many RaaS operators advertise affiliate openings on dark web forums. New affiliates are given a custom exploit code for their unique ransomware attacks. This custom code is then submitted to the website that is hosting the RaaS software for the affiliate. With the affiliate hosting site updated, RaaS users are poised to launch their ransomware attacks.

To make the ransom payment, victims are instructed to download a dark web browser and pay through a dedicated payment gateway. Most ransomware payments are made with cryptocurrency, usually Bitcoin, due to their untraceable nature. Ransom payments are made untraceable, this is because the money launderer conceals and disguises the path of the money transferred. To read more about ransomware, click here to read our ransomware handbook.

Get our latest cyber intelligence insights straight into your inbox

Fill out the short form below to subscribe to our newsletter so that you never miss out on our cyber intelligence insights and news.