Protecting your System against Ransomware as a Service (RaaS)

January 10, 2021

Cybercriminals use infected websites and phishing emails to spread ransomware. Criminals use this type of malware to encrypt victims’ files, hold them hostage, and demand a ransom payment for decryption keys.

Victims have lost billions in recent years to ransomware attacks. Now, attackers have taken this threat to a whole new level by developing a new ransomware delivery model known as ransomware as a service (RaaS).

RaaS enables cybercriminals to conduct their ransomware operations, including malware delivery and taking ransom payments, through the dark web or as a hire-as-a-service arrangement. The criminals take a portion of the ransom gains by charging a fixed fee.

This article discusses RaaS, how it functions, and gives tips on how to protect against it.

What is Ransomware-as-a-Service (RaaS)?

Ransomware-as-a-Service (RaaS) borrows the subscription-based model of Software-as-a-Service (SaaS). But the RaaS model is a malicious one that allows even the most inexperienced cybercriminals to launch ransomware attacks with ease.

RaaS dealers offer their services over the dark web. This hidden, “underground” internet is a hub for cyber-criminal activities such as malware, data breaches, identity theft, and more.

The ease of use of RaaS applications is a significant driver for the increased number of attacks. Setting up a ransomware attack requires criminals to create an account with RaaS providers over the dark web. These providers offer various price packages based on the services included. Generally, this is a cloud-based subscription model where you pay a subscription fee.

Other providers use the “affiliate” model instead of asking for a subscription fee. With this model, affiliates extort ransom money from victims, and the developer collects the money on their behalf. The developer takes a percentage commission from the ransom collected, and the affiliate gets the remainder.

How does RaaS function?

RaaS is a malicious franchise-like deployment model whereby deceitful vendors write ransomware code with the intent to rent or sell it to other cybercriminals, who then plan to launch attacks under an affiliate program. The vendors use the RaaS service to provide step-by-step information and the technical know-how needed to launch a ransomware attack. RaaS platforms allow the monitoring of these attacks through a real-time dashboard.

Attacks may aim to take control of a victim’s computer files and storage systems. Malicious actors and hackers hold these storage systems and computer files hostage and demand a ransom payment to restore the victim's access to the information. Proceeds from successful attacks are shared between the attacker, the coder, and the service provider.

How do RaaS attacks happen?

Phishing is the most common method cybercriminals use to spread malware. Through phishing, attackers can also steal sensitive data such as payment details and passwords. They make sure that their email messages seem harmless, presenting you with a seemingly legitimate message that contains links.

By clicking on a link, you unknowingly activate a cyber-attack. The link directs you to an exploit site where you download the ransomware. This ransomware infects your system and disables all antivirus software and firewalls.

Now that the ransomware can progress without detection, it encrypts your files to the point that you cannot access them. Ransomware mostly operates beneath authorized processes, so you are unaware of any data breaches arising.

Once the data breach succeeds, the attackers deposit a TXT file onto your computer, instructing you to pay the ransom price to receive a decryption key.

Gmail reports blocking 100 million phishing emails every day. In April 2020, attackers sent a daily average of 18 million COVID-19 related phishing emails and malware and an additional 240 million spam messages. Google’s machine learning models filtered more than 99.9 percent of spam, malware, and phishing to protect users.

Protecting against ransomware as a service

The RaaS model’s ease of use and high availability have created more opportunities for novice hackers. It is therefore imperative to take measures that protect your system from ransomware.

Some of these preventive measures are outlined below.

  • Keep a complete backup of your information and systems. In case of a ransomware attack, you can wipe your systems and data and restore from the backup.
  • Where possible, keep remote desktop connections disabled. This prevents malware or attackers from accessing users’ files and devices remotely.
  • Keep macro content in Microsoft Office applications disabled. Cybercriminals mainly spread ransomware through infected Microsoft Office documents containing malicious macros that download and execute the malware once they are run. By disabling macros, you prevent compromises even from infected files.
  • Avoid clicking on links and email attachments from unconfirmed sources. Turn on email spam filters and blacklist access to unsafe websites.
  • Secure your data and systems from viruses and ransomware with antivirus solutions. Only use licensed software and ensure it is always updated to the latest version.
  • Invest in phishing protection. This helps detect and block phishing emails the instant they are delivered.
  • Take training or courses on recognizing potential security threats, and draft processes and policies on how to deal with suspicious activities.
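
An added example (not part of the original article): a read-only PowerShell audit of the Remote Desktop and Office macro recommendations above. It assumes Windows with Office 2016 or later (registry version key 16.0); the helper name Get-RegValue is hypothetical.

```powershell
# Added example: read-only audit of two hardening settings from the list above.
# Assumption: Office 2016/2019/365, which stores its settings under version key "16.0".
# A Group Policy override of the RDP setting is not checked here.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$results = @()

# Remote Desktop: fDenyTSConnections = 1 means inbound RDP is disabled.
$deny = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fDenyTSConnections'
$results += [pscustomobject]@{
    Check  = 'Remote Desktop'
    Value  = $deny
    Status = if ($deny -eq 1) { 'OK: disabled' } else { 'REVIEW: enabled or not set' }
}

# Office macros: meaning of each VBAWarnings value.
$meaning = @{
    1 = 'FAIL: all macros enabled'
    2 = 'REVIEW: user can enable macros from the prompt'
    3 = 'OK: only digitally signed macros run'
    4 = 'OK: all macros disabled'
}

foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    # The policy hive takes precedence over the per-user setting, so read it first.
    $vba = Get-RegValue "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security" 'VBAWarnings'
    if ($null -eq $vba) {
        $vba = Get-RegValue "HKCU:\Software\Microsoft\Office\16.0\$app\Security" 'VBAWarnings'
    }
    $status = if ($null -ne $vba -and $meaning.ContainsKey([int]$vba)) {
        $meaning[[int]$vba]
    } else {
        'REVIEW: not configured (Office default applies)'
    }
    $results += [pscustomobject]@{ Check = "$app macros"; Value = $vba; Status = $status }
}

$results | Format-Table -AutoSize
```

The script only reads the registry and changes nothing; run it in the context of the user whose Office settings you want to check, since the macro values live under HKCU.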


Ransomware-as-a-Service (RaaS) adds to the list of the latest driving forces of cyber-criminal activities. One must take preventive measures to address this problem and take it seriously. Affordability and the ease of deployment (among professional and novice hackers) are some primary reasons why RaaS is on the rise.

Peer Review Contributions by: Lalithnarayan C

About the author

Eric Kahuha

Eric is a data scientist interested in using scientific methods, algorithms, and processes to extract insights from both structural and unstructured data. Enjoys converting raw data into meaningful information and contributing to data science topical issues.

This article was contributed by a student member of Section's Engineering Education Program.