Ransomware-as-a-Service (RaaS) has become a major issue for businesses and other organisations as it allows criminals to rent out malware for use in cyber attacks.
In contrast to traditional cyber crime, RaaS provides an extensive support structure for the attacker, including customer service, tech support, and a variety of ransomware variants.
The RaaS operator earns a proportional amount of the ransom paid, whilst the RaaS user, or “affiliate”, earns a percentage of the ransom paid, after an attack is conducted successfully.
There are several measures that can be taken in order to mitigate the risk from RaaS, including the use of multiple redundant backups, kept both on and off site, as well as keeping all software up to date and training staff in order to reduce the risk of human error.
It is also pertinent for a RaaS user to continually evolve their tactics, techniques and procedures, as well as to make sure that malware is operated within the confines of the law, or significant penalties may arise.