Cyber-attacks have become one of the hugest business risks in recent years. According to a study by Cybereason, 17 percent of the German victim companies surveyed paid between 300,000 and 1 million euros in ransom after a ransomware attack to get data back. But, this often had only moderate success. 40 percent of the companies that paid the ransom said that a part or whole data was damaged during the recovery process.


The fact is: The consequences of ransomware attacks are massive. The direct financial damage caused by paying a ransom and disrupting a business is only one of the consequences. As further consequences, it led to an enormous loss of image (> 50 percent), layoffs at the management level (28 percent), layoffs as a result of financial damage (19 percent), and even company closures (20 percent).


The bad news is: It is becoming apparent that soon, the potential risk of ransomware will intensify. And one trend, in particular, stands out: Ransomware-as-a-Service.

Why should I use Flutter

What is Ransomware-as-a-Service (RaaS)?

Ransomware-as-a-Service (RaaS) is a subscription-based model that enables users, also known as affiliates, to use ransomware tools to execute attacks. As opposed to regular ransomware, RaaS is a provider of out-of-the-box ransomware tools to subscribers who pay to be an affiliate of the program. Stemming from Software-as-a-Service (SaaS), RaaS affiliates are paying for the ongoing use of malicious software.


Some affiliates pay less than $100 per month, while others pay upwards of $1,000. Regardless of the subscription cost, affiliates earn a percentage of each successful ransom payment following an attack. RaaS enables malicious attacks with an effortless collection of lucrative rewards. Even the users having no prior knowledge or experience in the field can take this advantage. Cerber is one example of a popular RaaS on the market.

The Four Ransomware-as-a-Service Revenue Models

Most RaaS arrangements fall under one of the four following revenue models:

  • Monthly Subscription: Users pay a flat fee every month and earn a small percentage of each successful ransom.
  • Affiliate Programs: A small percent of profits go to the RaaS operator intending to run a more efficient service and increase profits.
  • One-time License Fee: As the name indicates, users pay a one-time fee with no profit sharing. Affiliates then have access in perpetuity.
  • Pure Profit Sharing: Profits are divided among users and operators with pre-determined percentages upon the license purchase.

Once you familiarize yourself with these RaaS models, you should begin formulating a defense plan.

What Can Companies Do To Protect Themselves?

Following are some ways that can help companies protect themselves from the RAAS attacks:

  • Backing up critical data with a secure cloud backup or offline solution.
  • Improving cybersecurity training for employees.
  • Regular updating of operating systems and applications.
  • Installing the latest security patches.
  • Using encrypted protocols like SSL wherever possible.

In addition, companies should know that a cyberattack can take place any day and at any time. So it makes sense to complement the internal security team with managed detection and response (MDR). With MDR, the corporate network is monitored around the clock by external experts who can immediately identify and isolate potential damage. Such a system, which is active around the clock, is also important from the view that encryption and system locks are extremely difficult to undo once they have been activated.

The Future of RaaS

In the future, RaaS attacks are only going to increase in frequency and gain popularity amongst cybercriminals. One recent survey found that over 60 percent of all cyberattacks in the past 18 months were RaaS in nature. The ease of use — and the fact that no technical experience is necessary — is only broadening the appeal of RaaS. 


We can also expect an uptick in RaaS attacks focusing on critical infrastructure. It includes healthcare, government, transportation, and energy. As supply chain difficulties persist through 2022, hackers see these key sectors and institutions as more vulnerable than ever. It will further put industries like hospitals and power plants in the crosshairs of RaaS attackers.


A popular RaaS platform on the market, Netwalker, has been specifically targeting healthcare and educational institutions. And, to defend against these attacks, it’s likely that organizations will invest even more heavily in both, proactive threat detection and employee training to reduce human error as a point of failure.