Skip to main content
banner image
venafi logo

What is Ransomware-as-a-Service (RaaS)? Need-to-Know in 2022

What is Ransomware-as-a-Service (RaaS)? Need-to-Know in 2022

February 1, 2022 | Brooke Crothers

Cybersecurity threats are only increasing as the digital transformation continues. And one of the biggest threats in 2022 is Ransomware-as-a-Service (Raas), which offers bad guys easy access to all the essential resources to launch a ransomware attack.

Do You Understand the Anatomy of a Supply Chain Attack? Download the White Paper.

While Colonial Pipeline, Kaseya, JBS, and the Ukraine cyberattack stand out as examples of recent ransomware incidents, the threat is everywhere.

“By the end of 2021, it’s estimated that an organization will be hit by ransomware every 11 seconds,” according to a Venafi-sponsored study conducted by Sapio Research, which evaluated data from 1,506 IT security officers across the U.S., U.K., Germany, France, Benelux and Australia.  

Enter the RaaS Economy. “If you're unfamiliar with RaaS, then just know that it's a business for criminals, by criminals to make carrying out ransomware attacks that much easier,” according to Palo Alto Networks.  “The operators…run the RaaS…like a perverted version of a media streaming service – delivering new content directly to their subscribers.”

(See: Venafi’s Global Security Report.)

The key takeaway is RaaS lowers the technical barrier of entry and thus becomes a force multiplier for the ransomware economy. “The easier it becomes to acquire these services, the more appealing they become to potential cybercriminals looking to break into the game. RaaS frees individuals from needing the technical knowledge and know-how to craft their own ransomware or even to break into an organization's network,” says Palo Alto Networks.

Like any business, both ends of the business model benefit. The operator gains scale and can focus on maintaining the backend infrastructure, while the affiliate gets access to the ransomware and infrastructure and can focus on infiltrating networks and infecting computers, as noted by Check Point Software.

The RaaS model

“RaaS operators maintain the ransomware malware, offer a payment portal for victims, and may provide the ‘customer service’ that victims might need,” says Check Point.  Affiliates are responsible for spreading the ransomware. Any ransom paid is split between the operator and the affiliate.

As a new, burgeoning underground economy, ransomware operators seek fast growth, according to Lotem Finkelstein, Head of Threat Intelligence at Check Point Software.

“RaaS is yet another example of how threat actors consider their attacks as a business – and constantly seek growth,” Finkelstein said in comments made to Venafi.

“The RaaS model offloads the actual attack from the gangs and they enjoy the commissions. They already have the product ready, and…provide relatively unskilled attackers with the power to execute these complex attacks,” according to Finkelstein.

“This was definitely the accelerator for ransomware in the past 18 months,” he adds.

LockBit, REvil/Sodinokibi, DarkSide, and Netwalker are criminal gangs noted for advertising on their affiliate programs on underground forums in a constant hunt for new affiliates.

And as affiliates grow so does the threat. In 2020 the total amount of ransom paid by cyberattack victims was close to US$416 million. This figure is projected to double in 2021 and double again in 2022. And the total average cost to rectify ransomware attacks is estimated to be $1.85 million, more than double the US $761,106 cost reported in 2020, according to Sophos. 

The great disappearing act

Another reason for RaaS growth is flexibility and mutability. A ransomware variant can seemingly vanish overnight and then reappear under another name. If the ransomware is getting too much media attention or not working as expected, just do a reset. “Not a big deal; roll the dice on a new RaaS,” says Palo Alto Networks, adding that this makes it challenging to attribute attacks to any single criminal organization.

Greed of course is at the root of all RaaS as headlines blare out news about attacks raking in tens of millions of dollars. As long as these headlines keep appearing, RaaS will continue to thrive.

Venafi can help

Venafi CodeSign Protect is an all-in-one machine identity management solution for code signing keys and certificates. Insecure private keys, rogue software teams, and lack of policy enforcement loom as constant challenges. An in-depth understanding of the latest code signing compromise techniques could be what saves your network from a financially devastating cyber-attack. To support IoT and Zero Trust security models, explore the enterprise wide machine identity management provided by Venafi Trust Protection Platform 

Related Posts 

Like this blog? We think you will love this.
Featured Blog

Lloyd's Backs Off Insurance for State-Sponsored Cyberattacks

Cyber related businesses are ‘e

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Brooke Crothers
Brooke Crothers
Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more