The Plain English Guide to: Ransomware as a Service (RaaS)

Introduction 

Business models have changed a lot over the last couple of decades.  

Where once we’d buy our software on a CD-ROM every five years and excitedly install the latest version of apps like Microsoft Office, we now simply subscribe to a service like Microsoft 365, download and install a file, then receive our updates instantly over the air. This ‘Software as a Service’ or SaaS model has become the default modus operandi for many tech platforms and services – but it’s not just business which has changed. 

In parallel with these advances in business software pricing, the same change has been happening on the flip side of the industry. Cyber criminals are taking full advantage of the new ‘as a Service’ trend to create entirely new malware-based ecosystems which exist purely to extort and steal data and money from individuals and businesses. 

This is known as Ransomware as a Service or RaaS, and it’s becoming a growing problem each year.  

If it’s the first you’re hearing of it, don’t worry. With this Plain English Guide, we’ll explain everything you need to know about Ransomware as a Service – and how you can avoid falling prey to it with your business.  

What is Ransomware as a Service (RaaS)? 

Ransomware as a Service, or RaaS, is essentially a business model for cyber-criminals whereby the ‘service’ they provide is access to ransomware.  

Just like SaaS and other ‘as a Service’ models, RaaS is usually based on a monthly subscription, with some criminals paying tens of thousands of dollars for access to the most sophisticated attacks.  

The idea is that even criminals without technical skills are able to leverage malware developed and managed by others to deploy attacks to exploit businesses. The result is that the risk of malware attacks becomes amplified while the actual developers of the attacks are able to effectively hide away and focus solely on developing their malware to avoid detection.  

RaaS itself isn’t necessarily a type of ransomware, though the payloads it delivers do operate in the same way, but the term Ransomware as a Service refers more to the underlying ecosystem.  

So what makes RaaS different from existing malware, exactly? And why is this such a growing concern among cyber security specialists?  

How the Ransomware as a Service economy works 

What makes Ransomware as a Service so different is the fact that it’s not a simple one-person attack.  

Rather, it’s an ongoing live service which is being supported on the back-end by one party and being delivered to victims on the front end by another. 

This model forms the RaaS ecosystem and the two main parties involved are:  

• The operator or developer of the ransomware itself. The individuals are the nuts and bolts of the ransomware malware itself. They write the code for the ransomware and make it available to others via the ‘dark web’, which is an online space accessible only through specially designed browsers – so you can’t accidentally happen across it.  
• The affiliate is effectively the buyer of the ransomware product. Just like affiliate marketing, their role is to make successful attacks using the malware developed by the operators. Just like in affiliate marketing, the RaaS affiliates don’t require any real technical expertise because the operators provide step-by-step instructions as part of the service. 

Naturally, the operators in the RaaS ecosystem won’t just develop, host, and manage ransomware for nothing – so they earn their ill-gotten gains in two different ways. 

First, the operators charge that monthly subscription we mentioned above to all affiliates. This covers the cost of developing the malware and also the instructions on how to launch these ransomware attacks. Of course, operators won’t want to accept bank transfers or reveal their identities, so payment is usually made via cryptocurrency.  

The final piece of the RaaS ecosystem is what happens when successful attacks are made. Again, similarly to brands getting a cut when affiliates sell products on their behalf, the RaaS operators will also take a cut of the profits whenever affiliates are able to successful deploy ransomware attacks and exploit funds. 

How can your business protect itself against RaaS attacks? 

What sets Ransomware as a Service apart from more “conventional” cyber attacks is the fact that it’s really an attack vector (i.e. a means of delivering an attack) as opposed to a specific attack in itself. 

As we’ve learned, there are various types of RaaS, and RaaS operators are always looking at new ways to either avoid detection or defeat increasingly well protected systems. This is the human-operated element in action, and it makes defending against RaaS something of a moving target. 

That said, all businesses should deploy the very same tactics that they would for more conventional ransomware. In summary, this defence strategy should include email filtering, robust backup processes, app and update policies, and the deployment of real-time protection via an Endpoint Detection and Response (EDR) platform.   

Learn more about cyber security protection from Get Support 

As part of the IT support agreements we deliver here at Get Support, we offer comprehensive cyber security protection services, including access to our recommend EDR platform of choice, SentinelOne.  

We can also help you set up and configure your cyber security measures, such as Multi-Factor Authentication, as well as consulting on User Awareness Training to help your team become more adept at spotting potential risks such as ransomware. Beyond that, we’ll also advice on essential IT compliance such as Cyber Essentials, GDPR, and PCI compliance. 

To learn more about how we can help bolster your cyber security protection, call the team today on 01865 594 000 or just enter your details into the form below and we’ll be in touch soon.