Ransomware-as-a-Service is a cyber-security term referring to criminal gangs that rent ransomware to other groups, either via a dedicated portal or via threads on hacking forums.
RaaS portals work by providing a ready-made ransomware code to other gangs. These gangs, often called RaaS clients or affiliates, rent the ransomware code, customize it using options provided by the RaaS, and then deploy in real-world attacks via a method of their choosing.
These methods vary between RaaS affiliate and can include email spear-phishing attacks, en-masse indisciriminate email spam campaigns, the use of compromised RDP credentials to gain access to corporate networks, or the use of vulnerabilities in networking devices to gain access to internal enterprise networks.
Payments from these incidents, regardless of how the affiliates managed to infect a victim, go to the RaaS gang, who keeps a small percentage and then forwards the rest to the affiliate.
RaaS offerings have been around since 2017, and they have been widely adopted as they allow non-technical criminal gangs to spread ransomware without needing to know how to code and deal with advanced cryptography concepts.
According to a report published today by Intel 471[1], there are currently around 25 RaaS offerings being advertised on the underground hacking scene.
While there are ransomware gangs who operate without renting their "product" to other groups, the number of RaaS portals available today far exceeds what many security experts thought could be available and shows the plethora of options that criminal gangs have at their disposal if they ever choose to dip their toes in the ransomware game.
But not all RaaS offerings provide the same features. Intel 471 says it's been tracking these services across three different tiers, depending on the RaaS' sophistication, features, and