Ransomware-as-a-Service (RaaS): How It Works

As if ransomware didn’t cause enough problems, the situation has now become even worse. The growth of RaaS (Ransomware as a Service) has made it easier than ever for people to carry out these kinds of attacks. As with any threat, the best defense is knowledge. The more you know about a given type of attack, the easier it will be for you to avoid being victimized.

What Is RaaS?

RaaS is basically ransomware for people who don’t have the knowledge or intelligence to craft their own tools. It follows the SaaS (Software as a Service) model, much like any other subscription-based software. However, unlike your Photoshop subscription, this is an illegal service that is bought and sold exclusively by hackers and other criminals.

It’s easy to see where this idea likely originated. Criminals are always drawn to the prospect of a large and easy payday. However, only a (relatively) small percentage of them have the necessary skills to craft a ransomware program or use it effectively without help. Those less computer-savvy criminals see the huge amount of money that the hackers are making from ransomware, and they want to get a piece for themselves. Realizing this, the hackers responded by renting out their ransomware for a periodic fee.

How Does Ransomware Work?

If you aren’t familiar with the basics of ransomware itself, know that it is aptly named. This kind of software takes over your device and/or network and literally holds it for ransom. It does this by encrypting the entire target drive. It then becomes virtually impossible to regain access until the password has been given. Since the hacker is the only one with the password, they can then blackmail you for a large sum of money.

How much? Well, according to this source, the average ransomware payment in the last quarter of 2020 was $154,108. In the previous quarter, it had been $233,817. The concept is relatively simple but highly effective, and ransomware has resulted in a lot of unfortunate losses for a great many organizations.

How Do They Get Away With This?

This is a question which many of you might be asking. Surely it must be difficult for these criminals to run such an expansive and intricate operation without being caught? The answer can be found by looking at what some people call the “dark web.” This is a term for the hidden parts of the internet, which are mostly populated by criminals and other people with bad intentions. When you combine that with the anonymity of cryptocurrencies, you have a recipe for an illegal online marketplace, and that is exactly what much of the dark web has become.

Using these methods, hackers are able to sell and distribute software programs that they have created. Sometimes, they will even recruit wealthy individuals and groups to finance their activities in return for a share of the profits. Using various forums on the dark web, they will advertise their illicit product in much the same way that a legitimate advertiser might do.

How To Deal With A Ransomware Attack

The best method is prevention through the use of efficient backups. If you make a habit of regularly backing up your entire system/data, it becomes much harder for ransomware to be effective. Instead of paying the ransom, you simply wipe (or replace) the hard drive and re-install from your most recent backup. There will be some losses for the downtime incurred, but it’s a lot less than the cost of paying most ransoms.

That brings us to a fundamental question: Should you pay the ransom? In most cases, the answer should be no. First of all, paying these kinds of scum will only embolden them, and contribute to more attacks in the future. Besides, there is no guarantee that your data will be returned. There is also no guarantee that the data will be returned in its entirety, or that the hacker will not retain some sensitive information for later use. In the end, you just can’t trust the kind of people who do these things.

If you have been victimized by ransomware, and you don’t have a backup system in place, you may feel that you have no choice but to pay the criminals and roll the dice. However, that could come back to bite you later. If news of the hack is leaked, it will be extremely damaging to your reputation. On the other hand, taking the honest route by immediately reporting the breach and refusing to cooperate with the hackers can prevent any real public disgrace.

Social Engineering Is Usually The Vector

Ransomware is a type of malware that has to be installed on the target device before it can do its dirty work. Thus, the attackers have to trick you into installing the malware. Incidentally, this is just one reason to always be careful about what you download. This is particularly true if your browser starts trying to download something that you did not request. That being said, no one with half a brain is going to go around downloading random things.

Most ransomware attacks begin with a social engineering attack (often called “phishing”). There are many variations on this kind of attack but the theme is the same. They use elaborate ruses to trick a legitimate user into giving up sensitive credentials. This allows them to take control of the system and install the ransomware. The good news here is that basic caution will defeat the majority of these attacks. If you have been hit with ransomware, someone made a big mistake.


With the spread of RaaS software, you can bet that this threat isn’t going away anytime soon. Thus, anyone who stands to be targeted by these criminals should take every available precaution. If you would like to know more, you can call PCH Technologies at (856) 754-7500.