User:Pahunkat/Ransomware as a service

Ransomware as a service (RaaS) is the use of ransomware as a product to be leased to other criminal organizations. The use of ransomware as a service allows criminals to launch ransomware attacks that can be tailored to each victim, even if they have limited knowledge of programming or inexperience with such campaigns. Almost two-thirds of ransomware attacks in 2020 are believed to have come from operators using a ransomware as a service model.

Ransomware as a service operators have been known to hire a variety of people, including penetration testers who identify and exploit zero day vulnerabilities as a way to infect victims, developers who market the RaaS software to other criminals and negotiators who procure payment from victims in addition to the programmers of the malware.

Negotiators
Some operators of ransomware as a service schemes have been known to use "negotiators", whose job is to ensure that the victim pays the ransom. Tactics used to procure payment from victims include using calls to the victim, distributed-denial-of-service attacks and threats to leak information gained during the ransomware attack.

Finance
Ransomware as a service is marketed and bought on the dark web. Operators of ransomware as a service either lease out their ransomware as a subscription or keep a cut of the ransom taken from victims. Most ransomware as a service operators take between 20% to 50% of ransom payments, with the rest of the money going to the affiliate who purchased the software and other subcontractors (such as those who run the domains on which command and control servers are hosted.

Notable operators and incidents

 * REvil - responsible for the Colonial Pipeline ransomware attack
 * DarkSide
 * John Oliver piece, Coverage


 * Checkpoint
 * Trend Micro