Ransomware as a service

Ransomware as a service (RaaS) is a cybercrime business model, allowing ransomware developers to write and sell harmful code or malware to other hackers, often known as affiliates, for their own initiation of ransomware attacks through the use of their software. Affiliates typically do not need to have any technical skills of their own but can solely rely on the technical skills of their operators. They provide attackers with easier entry for those who may not have skills to develop their own tools, but rather be able to utilize and manage ready-made tools to perform attacks. Most of the time they involve some type of arrangement between the affiliate and the operator, making successful ransomware and extortion attacks profitable for both parties.

The "ransomware as a service" model is a criminal variation of the "software as a service (SaaS /sæs/)" business model. This model allows small threat attackers to gain access to sophisticated ransomware tools at lower costs, also lowering the threshold of entry into cybercrime and complicating defenses against hacking.

Starting as early as 2012 with the first documented RaaS known as the Reveton ransomware, the intentions of using and developing ransomware expanded rapidly. Their motive of impersonating law enforcement to threaten targets with arrest or criminal charges in exchange for ransom made them highly successful, especially for something relatively new during that time. Other ransomware groups, such as "LockBit", were even able to launch more than 7,000 attacks globally just before their downfall between June 2022 and February 2024, impacting many different organizations, including healthcare, finance, manufacturing, and government agencies, resulting in significant consequences such as data breaches, operational disruptions, and even substantial financial losses. However, the downfall of one group leads to the rise of others. Other groups quickly filled the gap, with "Qilin", being one of the most active ransomware groups in 2025, as well as another group known as "Akira". According to Fortinet, Qilin was able to execute approximately 81 attacks in a single month, which was about a 47.3% increase compared to other groups who grew at slower pace or even declined.

Numerous cases were reported where around 950 companies and institutions experienced some kind of ransomware incident in 2024. The economic damages caused from these cyberattacks were approximately €178.6 billion, an increase of €30.4 billion from the previous year's report.

This article is issued from Wikipedia. The text is available under Creative Commons Attribution-Share Alike 4.0 unless otherwise noted. Additional terms may apply for the media files.