The attacker’s toolkit: Ransomware-as-a-service | VentureBeat
Security threats evolve just as fast as the technologies used to stop them. New and modified attack strategies are constantly in the works.
To make matters worse, the attack surface within corporate networks is expanding. The push to work from home increased vulnerable points of entry by introducing multitudes of new endpoint devices. The move to cloud-based services and infrastructure has further resulted in a broader and more challenging landscape to defend.
In recent years, threat actors have begun collaborating with each other in a ransomware-as-a-service (RaaS) model to infiltrate organizations. The RaaS model allows the developers of a ransomware variant to recruit affiliates that exclusively use their ransomware in targeted attacks on organizations. Any ransom payments extorted from the victims are then divided between the ransomware developers and the affiliate who conducted the attack.
Use of RaaS is still skyrocketing. In fact, one report estimates that 64% of all ransomware attacks were conducted through the RaaS model in 2020.
An industry of its own
RaaS comes in several forms. There are many pricing strategies used by ransomware providers and a variety of nefarious tools available for purchase. Many come bundled with instructions for how to carry out attacks, best practices, ransom strategies, and even an IT help desk. Basically, RaaS can provide the kind of documentation and architecture you’d expect with a popular business SaaS offering, a far cry from the stereotypical, hoodie-wearing rogue actor depicted in pop culture.
Like the SaaS industry, RaaS pricing strategies differ between providers. Some offer their attack services as a one-time purchase, some offer them on subscription plans, and others combine subscriptions with a cut of the ransom fee paid to the developer after a successful attack. Others are highly selective about their customers, only accepting ‘reputable’ attackers with a proven track record.
The critical piece of…