Ransomware-as-a-Service Explained

Addressing Ransomware-as-a-Service (RaaS) Concerns

Recent research suggests ransomware attacks have increased 140% in the past year alone. On average, a ransom demand is $178,000, but an organization’s overall loss could exceed $1 million. The surge in attacks is largely a result of Ransomware-as-a-Service (RaaS), a dark web business model in which skilled ransomware developers sell or lease their malware to buyers (usually less skilled cybercriminals), who then launch attacks that compromise one or more devices, encrypt the victim’s data and demand a significant payment to restore access.

Review the following guidance to understand RaaS’ impact and best practices for addressing RaaS concerns.

What Is RaaS?

The RaaS model operates like a legitimate software business, except that the product is harmful. A knowledgeable ransomware developer first writes malware designed to encrypt a victim’s files reliably while evading antivirus and other detection.

Once the software is ready, it is offered to many customers at once on shared infrastructure. RaaS developers find buyers through conventional marketing channels, including dark web advertisements and forums. Some developers are more cautious and require prospective customers to demonstrate technical skill and security knowledge before they can buy.

An approved buyer is provided with access to the ransomware software and product portal. The portal may include detailed software implementation instructions, user reviews, support forums and special discounts or offers for future purchases. Customer software access can be permanent or for an allotted amount of time.

Depending on the developer, RaaS can be sold as a one-time purchase or as a monthly subscription. Many developers also recruit other cybercriminals to carry out attacks with the software in exchange for a percentage of each ransom payment. This commission-based partnership is known as an affiliate program; in it the affiliates, not the developer, typically perform the intrusions, while the developer maintains the malware and the payment infrastructure.

Once cybercriminals have the developer’s software, they can execute ransomware attacks that cause widespread disruption, damaged or destroyed data, reputational harm and significant financial losses for the affected organizations. Ransomware families that have been sold or marketed as a service include Cerber, MacRansom, Philadelphia, Atom, Hostman and FLUX; WannaCry, which is often cited alongside them, was a self-propagating worm rather than a RaaS product.

The Impact of RaaS

RaaS poses a serious and growing threat to organizations of every size because it lets less skilled cybercriminals execute ransomware attacks with a simple purchase. It has increased both the frequency and the cost of ransomware incidents, compounding the consequences affected organizations face. RaaS operators and their customers are also confident in the malware’s effectiveness and motivated to escalate ransom demands. This is especially true under affiliate programs, where higher demands mean larger profits for both parties.

Addressing RaaS Concerns

Making ransomware prevention and response a top priority for your organization is the best way to minimize the growing threat of RaaS. Ransomware is commonly delivered through phishing emails, deceptive links, malicious websites and attachments, and trojanized programs. It also frequently enters through remote-access services exposed to the internet (such as Remote Desktop or VPN gateways without multi-factor authentication) using stolen or guessed credentials, and through software that has not been patched.

Review these best practices for combating ransomware attacks.

Secure your systems

Establish steps to protect your organizational IT infrastructure from potential ransomware exposures, including:

  • Requiring a virtual private network (VPN) protected by multi-factor authentication for remote access to internal systems, rather than exposing Remote Desktop or other management services directly to the internet
  • Installing antivirus or endpoint detection and response software on all workplace devices
  • Implementing a firewall that restricts inbound connections to the organization’s network and VPN gateway to the ports and sources that are actually needed
  • Restricting employees’ access to unsecure websites
  • Establishing email filters to block phishing messages before they reach employees’ inboxes
  • Encrypting sensitive data and backing it up routinely, keeping at least one copy offline or otherwise immutable (ransomware actively seeks out and encrypts any backups it can reach) and periodically testing that the backup restores
  • Limiting employees’ administrative privileges so that inexperienced staff cannot install a malicious program
  • Regularly updating all organizational devices and security programs so that known vulnerabilities are patched
  • Developing a cyber incident response plan that considers ransomware scenarios, including how affected systems will be isolated and restored
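The endpoint-protection and incident-response items above rest on one observable fact about ransomware: a single process rewrites a large number of files in a short time, gives them a uniform new extension and drops a ransom note. The following is an added example, not code from CBIZ or from any product, showing how that behaviour can be flagged from file-activity events. The event format, the thresholds and the ransom-note name pattern are assumptions chosen for illustration, and the sample events are constructed, not real telemetry.

```python
"""Detect ransomware-like file activity from a stream of file events.

Added example for this article; it is not code from CBIZ or from any product.
The event format, the thresholds and the ransom-note name pattern are all
assumptions chosen for illustration. Ransomware typically rewrites many
files in quick succession, gives them a uniform new extension and drops a
ransom note in each directory it touches; this detector watches for both
signals per process inside a sliding time window.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
import re

# Assumed thresholds: one process touching at least MAX_FILES distinct files
# that share an extension within WINDOW_SECONDS is treated as suspicious.
WINDOW_SECONDS = 60.0
MAX_FILES = 20

# Illustrative ransom-note naming pattern (real notes vary; tune this to your
# environment, since a name like "recovery_plan.txt" would also match).
RANSOM_NOTE_RE = re.compile(
    r"(readme|recover|restore|decrypt|how_to).*\.(txt|html|hta)$", re.IGNORECASE)


@dataclass(frozen=True)
class FileEvent:
    ts: float      # seconds since epoch
    pid: int       # process that performed the operation
    action: str    # "write" or "rename"
    path: str      # path after the operation


def extension(path):
    """Return the lower-cased final extension of a path ('' if none)."""
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


class RansomwareDetector:
    def __init__(self, window=WINDOW_SECONDS, max_files=MAX_FILES):
        self.window = window
        self.max_files = max_files
        self._recent = defaultdict(deque)  # pid -> events inside the window
        self._alerted = set()              # (pid, signal) pairs already raised
        self.alerts = []

    def _raise(self, pid, signal, message):
        # Raise each signal once per process so a burst does not flood alerts.
        if (pid, signal) in self._alerted:
            return None
        self._alerted.add((pid, signal))
        self.alerts.append(message)
        return message

    def feed(self, ev):
        """Consume one event; return the alert message it triggered, if any."""
        alert = None
        if RANSOM_NOTE_RE.search(ev.path.rsplit("/", 1)[-1]):
            alert = self._raise(ev.pid, "note",
                                f"pid {ev.pid}: ransom note written at {ev.path}")
        recent = self._recent[ev.pid]
        recent.append(ev)
        while recent and ev.ts - recent[0].ts > self.window:
            recent.popleft()
        # Count distinct paths per extension among this process's recent events.
        by_ext = defaultdict(set)
        for e in recent:
            by_ext[extension(e.path)].add(e.path)
        ext, paths = max(by_ext.items(), key=lambda kv: len(kv[1]))
        if len(paths) >= self.max_files:
            alert = self._raise(
                ev.pid, "mass",
                f"pid {ev.pid}: {len(paths)} files renamed/written with "
                f".{ext} within {self.window:g}s") or alert
        return alert


def constructed_sample():
    """Constructed events (not real telemetry): benign saves plus an attack."""
    events = []
    # A user saving a handful of documents over ten minutes.
    for i in range(5):
        events.append(FileEvent(1000.0 + i * 120, 100, "write",
                                f"/home/alice/reports/q{i}_summary.docx"))
    # One process renaming 25 files to .locked within ten seconds, then
    # dropping a ransom note in the same share.
    for i in range(25):
        events.append(FileEvent(1500.0 + i * 0.4, 200, "rename",
                                f"/srv/share/doc{i}.docx.locked"))
    events.append(FileEvent(1510.5, 200, "write",
                            "/srv/share/README_RECOVER_FILES.txt"))
    return events


def run_sample():
    """Feed the constructed events in time order; return the alerts raised."""
    detector = RansomwareDetector()
    for ev in sorted(constructed_sample(), key=lambda e: e.ts):
        detector.feed(ev)
    return detector.alerts


if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

The benign user (pid 100) never trips the threshold because five documents over ten minutes is far below twenty files in a minute, while the attacking process (pid 200) is flagged on its twentieth rename and again when the note appears. In practice the events would come from an endpoint agent or file-server audit log, and the thresholds would be tuned against the organization’s normal activity; the point of the example is that ransomware is detectable from behaviour, not only from signatures, which is why an incident response plan should specify what happens when such an alert fires.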

Educate your employees

Train your employees how to prevent and respond to a ransomware attack. Provide your workforce with these tips:

  • Avoid opening or responding to emails from unknown individuals or organizations. Verify the sender’s identity through a trusted channel, and check that the sending address actually belongs to the organization it claims to represent.
  • Never open suspicious emails, website links or pop-ups, and do not download attachments or software from unknown sources.
  • Browse only known, reputable websites on organizational devices, and refrain from personal browsing on workplace devices.
  • Contact your manager or IT department immediately if you suspect a ransomware attack; disconnecting the affected device from the network can limit how far the infection spreads.


We're Here to Help

Understanding the risks ransomware can create for your organization and knowing how to reduce those risks can be daunting. Connect with a member of our team for additional cyber risk management guidance and insurance solutions.


© Copyright CBIZ, Inc. and CBIZ CPAs P.C. (together, “CBIZ”). All rights reserved. Use of the material contained herein without the express written consent of the firms is prohibited by law. This publication is distributed with the understanding that CBIZ is not rendering legal, accounting or other professional advice. The reader is advised to contact a tax professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein.

CBIZ is the brand name for CBIZ CPAs P.C. and CBIZ Advisors, LLC (together), a national professional services company providing tax, financial advisory and consulting services to individuals, tax-exempt organizations and a wide range of growth-oriented companies. CBIZ Advisors, LLC is a fully owned subsidiary of CBIZ, Inc. (NYSE: CBZ). CBIZ CPAs P.C. is an independent CPA firm that provides audit, review and attest services, and works closely with CBIZ, a business consulting, tax and financial services provider. CBIZ and CBIZ CPAs P.C. are members of Kreston Global, a global network of independent accounting firms. This publication is protected by U.S. and international copyright laws and treaties. Material contained in this publication is informational and promotional in nature and not intended to be specific financial, tax or consulting advice. Readers are advised to seek professional consultation regarding circumstances affecting their organization.

Source: https://www.cbiz.com/LinkClick.aspx?fileticket=szzvqyAh3GQ%3d&portalid=0 (published 2021-07-26)