As the internet rose to power in the early 2000s, software companies began to offer their applications to customers in a new way: as a service. Software as a Service (SaaS (News - Alert)) allows users to receive continuous support for the programs they want and need, to include patches and updates with new, useful features as well as accessibility across devices, scaling for shared accounts and more. In return, software developers tend to benefit from subscription payments rather than one-time purchases, and they can exert some control over the manners in which customers use their products. SaaS was a revolution, and for most people, it had positive outcomes.

Unfortunately SaaS inspired another revolution, this one with less beneficial results. For years, cybercriminals interested in using malware to infiltrate devices, steal data and accomplish other nefarious deeds were forced to learn the complexities of computer programming and networking to deploy attacks. However, the rise of SaaS has encouraged some savvy cybercriminals to begin offering malware as a service in the same way. Ransomware as a Service (RaaS) is now remarkably popular, and it could have devastating ramifications on the future of the web.

What Is RaaS?

As the name suggests, RaaS is a business model in which cybercriminals pay ransomware developers and operators to launch ransomware attacks. RaaS kits make it easy for would-be cybercriminals lacking the skill, interest or time to create their own variant and begin targeting businesses and web users with attacks. Despite being a criminal enterprise, many RaaS providers offer 24/7 support, ample user reviews, forums for troubleshooting and ideating and a number of bundled offers and features, such as additional malware programs.

The RaaS market is competitive, and marketing is a must for established and up-and-coming RaaS developers, alike. On the dark web, it is easy to find professional-looking websites dedicated to RaaS tools; RaaS providers advertise aggressively and produce valuable content, like white papers, videos, social media posts and more, to draw customers in. To remain competitive, more ransomware developers are putting effort into increasing the diversity and sophistication of their offerings, meaning that a greater amount of higher-quality ransomware is flooding the web.

How Does RaaS Work?

In many ways, RaaS functions just as regular, non-criminal SaaS does. RaaS developers recruit customers, give them access to their ransomware kit through a dedicated dashboard, creates a victim payment portal and manages a leak site, if that type of extortion is a component of their ransomware. Meanwhile, RaaS customers, who are often called affiliates, will agree to a payment model and make payments to use the ransomware, set ransom demands and target victims, executes the ransomware and communicates with victims and manages decryption keys.

Raas kits are available for as little as $40 per month to as much as a few thousand dollars — which are paltry sums considering that the average ransom demand in 2022 was around $10.2 million. Of course, not every RaaS has the same revenue model. Many RaaS providers demand a monthly flat fee as a subscription to their service, but many take a portion of the profits earned through ransoms. Because not every attack needs to be successful for a criminal to turn a substantial profit, many developers are eager to claim 20 to 30 percent of an affiliate’s earnings.

What Are the Effects of RaaS?

Between 2020 and 2021, the number of ransomware attacks worldwide increased by 105 percent, and after a brief plateau, reports of ransomware are again beginning to rise. Unfortunately, the cybercriminal lifestyle is becoming increasingly attractive to those who are beginning to suffer due to inflation, and today, anyone with the Tor browser and a bit of Bitcoin can take control of a ransomware and begin launching attacks on innocent users, minimal computer science skill necessary. As the amount of ransomware online spikes, the quality of the internet will begin to degrade. While it’s unlikely that we will abandon the internet entirely, it will certainly need to undergo significant changes to remain usable in the face of so many threats to users.

Until the internet becomes utterly riddled with ransomware, users can and should increase their security with virus protection software. Though it may not protect against the latest RaaS packages, it will help users navigate the web safely and avoid known threats.