Ransomware as a Service: Enabler of Widespread Attacks

Ransomware as a service (RaaS) can be credited as one of the primary reasons that ransomware attacks are proliferating rapidly. Simply put, RaaS involves selling or renting ransomware to buyers who are called affiliates.

In the past, ransomware attacks were mainly launched by the ransomware operators themselves. When RaaS entered the picture, however, it made it easier for a variety of attackers, even those who have little technical knowledge, to wield ransomware against targets.

Essentially, we observed an organized division of labor in groups using RaaS. As a result of this development, the participants of the cybercrime ecosystem gain higher proficiency and specialization with regard to specific tasks, with some focusing on penetrating networks and others on running the ransomware or conducting ransom negotiation with victims.

Such specialization, coupled with refined extortion techniques and technical strategies, makes modern ransomware a notorious threat. With the threat’s ever-growing reach, it was predicted that ransomware attacks could cost billions in the next decade.

While RaaS is based on the software-as-a-service (SaaS) model where software can be accessed online on a subscription basis, it also continues to evolve in its own ways, and this fully functional and independent ecosystem thrives in the underground with its key players.

Among these key players are the operators, or those who develop and peddle ransomware. They are usually organized in a group and have designated roles such as leader, developers, and infrastructure and system administrators. More advanced groups might also have other roles, such as recruiters, penetration testers (aka pentesters), victim analysts, and negotiators.

Some roles and tools might also be outsourced or acquired through affiliate programs. For instance, some operators avail of access-as-a-service (AaaS), which can provide various means of access to targeted organizations. Meanwhile, other groups could have strong penetration testing teams but lack the necessary ransomware software. Such penetration testing teams often participate as affiliates for RaaS and use the affiliate program's ransomware tools and infrastructure when a target is compromised. Affiliates might belong to organized gangs themselves or might operate independently.

With regard to the RaaS operation model, the RaaS-operating criminal group first needs to develop or acquire the ransomware software and infrastructure. They then proceed to recruit affiliates through online forums, Telegram channels, or personal connections, with some operators investing as much as US$1 million for recruitment efforts. Once enlisted, affiliates can then launch their own attacks.

RaaS provides a win-win situation and a high payout for both operators and affiliates while allowing higher specialization in dedicated tasks. Affiliates can earn payouts without having to develop the ransomware themselves, while operators can directly make a profit from their affiliates. The payouts are normally organized using a revenue model for RaaS subscriptions. The possible revenue models besides subscription are one-time payments, profit sharing, and affiliate marketing. With such business models, the ransomware operators can fully focus on developing and improving their ransomware software and operations without needing to spend resources on other tasks, such as compromising targets or distributing the ransomware themselves. Instead, these tasks are delegated to the RaaS affiliates.