Ransomware is an insidious and pervasive security threat that continues to evolve and grow in its efforts to profit from cyberattacks on businesses. The latest development in ransomware’s evolution isn’t technology-based, but rather a new organizational business model: Ransomware as a Service, or RaaS.

The RaaS business model creates an arrangement between an operator, who develops and maintains the tools to power ransomware extortions, and an affiliate, who actually deploys the ransomware and puts it into play against a target. When the affiliate’s attack is successful, both the operator and the affiliate profit.

This RaaS approach lowers the barrier to entry for attackers who may not have the advanced technical skills to develop their own ransomware tools, but are fully capable of managing ready-made penetration tools to perform attacks. It allows lower-level cybercriminals to just buy network access from a more sophisticated criminal group that has already breached a perimeter. These RaaS affiliates are not necessarily part of the ransomware developer’s gang, but instead are their own distinct enterprises operating within the overall cybercriminal ecosystem.

Many RaaS providers even offer a suite of extortion support products such as leak site hosting, decryption negotiation, and cryptocurrency transaction services.

This new business model has obviously facilitated the rapid organization, growth, and proliferation of ransomware attacks. It provides increased capabilities and tools to a broader range of cybercriminals.