Ransomware uses traditional software attack vectors to first infect a victim’s computer, encrypt their data, and hold the victim’s information for ransom. Traditionally, ransomware attacks have been confined to individual groups, where a single group develops the malware, distributes this malware to victims, and collects on the ransom. Ransomware as a Service (RaaS) is a new paradigm which allows criminals with limited hacking experience to purchase ready-to-launch ransomware attacks from separate “RaaS kit” developers. These developers not only provide the code required to launch a malware attack – they also offer lists of potential targets, dashboards to track the success of campaigns, and offer personalized support for ransom negotiations and cryptocurrency exchange. This article provides a perspective on the RaaS ecosystem, outlining the different business models employed by RaaS kit developers, including subscription services and affiliate programs.
