What it is
Ransomware-as-a-Service (RaaS) operates like a subscription or revenue-share platform. Core developers create and maintain ransomware malware, payment portals, and leak sites, while affiliates pay to use the tools or split profits from successful attacks. This model lowers the technical barrier to entry, allowing less-skilled attackers to launch highly effective ransomware campaigns.
Why it matters
RaaS has dramatically increased the scale and frequency of ransomware incidents worldwide. Because affiliates vary in skill and targeting discipline, attacks often hit poorly defended organisations indiscriminately, including SMBs, schools, and healthcare providers. The decentralised nature of RaaS also makes attribution and takedown far more difficult.
How to reduce risk
- Maintain strong patching and vulnerability management.
- Restrict exposed services (RDP, VPNs, admin panels).
- Use multi-factor authentication across all remote access.
- Monitor for early indicators of compromise, not just payload delivery.
External resources
- https://www.ncsc.gov.uk/ransomware
- https://www.cisa.gov/ransomware
- https://attack.mitre.org/techniques/T1486