R
RaaS (Ransomware as a Service)
A business model where ransomware developers sell or lease their malware to affiliates who conduct attacks and share the profits.
What is RaaS?
Ransomware as a Service (RaaS) is a cybercrime business model where ransomware operators develop malware and provide it to affiliates who carry out attacks. Revenue is shared between developers and affiliates, typically 60-80% to affiliates.
How RaaS Works
Operators:
- Develop and maintain ransomware
- Provide infrastructure (leak sites, payment systems)
- Handle negotiations and payments
- Recruit and support affiliates
Affiliates:
- Gain initial access to targets
- Deploy ransomware
- May specialize in specific industries
- Share ransom payments with operators
RaaS Business Models
- Affiliate Programs: Profit sharing arrangement
- Subscription: Monthly fee for access
- One-time Purchase: Buy ransomware outright
- Pure Profit Split: No upfront cost, percentage based
Notable RaaS Operations
- LockBit
- BlackCat/ALPHV
- Conti (defunct)
- REvil (disrupted)
- Hive (disrupted)
Defense Strategies
- Regular, tested backups
- Network segmentation
- Endpoint detection and response
- Email security
- User awareness training
- Incident response planning