Ransomware-as-a-Service (RaaS) allows cybercriminals to pay for access to ransomware tools and infrastructure without needing extensive technical knowledge. While potentially dangerous, RaaS is not actually illegal to purchase in most parts of the world. However, using RaaS to deploy ransomware attacks is very much against the law. In this article, we’ll explore where cybercriminals can buy RaaS access and what is being done to combat the growth of this industry.
What is Ransomware-as-a-Service?
Ransomware-as-a-Service (RaaS) is a business model that enables cybercriminals to pay for access to advanced ransomware tools without needing extensive technical knowledge or resources. RaaS platforms are hosted by developers who take care of maintaining the ransomware code, infrastructure, ransom collection, and payments.
RaaS customers simply purchase or rent access to the platform. They can then launch ransomware campaigns against targets of their choice. The RaaS developer takes a percentage of any ransoms paid. This revenue sharing model makes it easy for large numbers of unskilled criminals to get involved in deploying ransomware attacks.
Key Features of RaaS
– Access to advanced ransomware infrastructure without technical skills
– RaaS developers handle code, hosting, ransom collection, etc.
– Customers pay a fee to deploy ransomware campaigns
– Revenue from ransoms is shared with the RaaS operator
– Low barriers to entry for unskilled criminals
Where Do Criminals Buy RaaS Access?
There are several ways cybercriminals can purchase access to RaaS platforms and tools:
Dark Web Marketplaces
Many RaaS services are bought and sold on dark web marketplaces such as:
– Russian Market
– Genesis Market
– White House Market
– ASAP Market
These sites function similarly to legal e-commerce sites, but offer illicit products and services. RaaS developers can list their services for sale just like any normal product. Criminals can browse for RaaS access, compare options, read reviews, and place orders. Payment is made via cryptocurrencies.
Underground online forums are also used to facilitate RaaS transactions. Developers may advertise their services in forum posts. Criminals can also connect with sellers through private messages. Some examples of forums used to sell RaaS include:
– XSS Forum
– Cracked Forum
– Russian Hack Forums
Payment and delivery of RaaS access credentials is arranged privately. These direct dealings are riskier than marketplaces but allow for negotiation.
RaaS Affiliate Programs
Many RaaS developers run affiliate programs to recruit new customers. These provide partners with a unique affiliate link to share. If someone signs up for the RaaS using their link, the affiliate gets a percentage of profits.
Affiliate programs incentivize cybercriminals to promote RaaS services across forums, websites, and social media. This helps sellers rapidly scale their customer base.
What Does RaaS Access Include?
RaaS platforms don’t just provide the ransomware executable file. They offer a suite of supporting tools and services that customers need to launch successful attacks, including:
Customers get access to the core ransomware program needed to encrypt files and hold systems hostage. Popular options include REvil, Conti, LockBit, and Phobos. Payloads can be tailored with specific encryption algorithms, ransom demands, or victim targeting.
Command and Control (C2) Infrastructure
The C2 server is used by ransomware operators to communicate with infected devices in a botnet. This allows them to deploy the ransomware and track impacted systems. RaaS platforms maintain the backend infrastructure and provide access credentials.
Ransom Collection Sites
These anonymous payment sites are used to handle ransom payments from victims. The sites provide payment instructions and house the wallet addresses used to collect cryptocurrency ransoms.
Ransom Negotiation Services
Many RaaS providers offer negotiation services to help maximize ransom payments from victims. Experts reach out to targets and pressure them to pay. They may also negotiate discounted ransoms.
Money Laundering Services
Collected ransoms need to be laundered into clean cash. RaaS platforms maintain networks of money mules and connections for laundering funds.
RaaS sellers offer technical support to help customers correctly deploy ransomware without being detected. This maximizes the criminal’s return on investment.
RaaS Pricing, Plans, and Options
RaaS platforms offer different subscription plans and pricing models:
Customers can pay for short-term access ranging from 1 week to 1 month. This allows them to test services before making longer commitments. Rental pricing might be around $500 per week.
With partnerships, affiliates get unlimited access to RaaS tools but the provider takes 50% or more of all ransoms earned. Partnerships encourage high activity.
Full purchase options allow unlimited long-term use of the RaaS platform for a fixed high price. Purchases typically cost between $1000 and $3000.
Some platforms offer hybrid pricing with an upfront purchase fee plus revenue sharing on ransoms. This helps offset the developer’s risk.
|Plan|Pricing|Access|
|---|---|---|
|Rental|$500 per week|1 week – 1 month access|
|Partnership|50% revenue share|Unlimited access|
|Purchase|$1000 – $3000|One-time fee, unlimited|
|Hybrid|Upfront + revenue share|Unlimited with offset fee|
RaaS platforms also offer different feature packages:
Basic ransomware executable with limited support and infrastructure. Low short-term cost but higher shared revenue.
Adds more robust C2 and payment site capabilities. Some negotiation services. Mid-range pricing.
Enterprise-grade ransomware with full infrastructure and maximum support. Highest capabilities but high upfront cost.
The specific RaaS pricing, packages, and terms vary across different sellers. Most offer free demonstrations or trial periods to attract new customers.
Is It Legal to Purchase RaaS Access?
In most parts of the world, it is technically not illegal to purchase access to RaaS services. The tools and infrastructure provided can be used for many purposes, not just criminal activity.
However, if the intent is to use RaaS specifically to deploy ransomware attacks, that becomes highly illegal. Criminal law prohibits:
– Damaging or interfering with computers without authorization
– Deploying malware or viruses
– Engaging in wire fraud or extortion
– Money laundering
– Threatening physical harm
– Causing loss of life or injuries
These charges can lead to massive fines and decades in prison in most countries. Purchasing RaaS access with intent to deploy ransomware attacks is a severe crime.
Efforts to Combat RaaS Growth
Law enforcement and cybersecurity researchers are striving to counter the growth of RaaS with several key strategies:
Infiltrating Dark Web Markets
Authorities are partnering with researchers to infiltrate dark web marketplaces selling RaaS. They gather information on sellers, customers, payment methods, and infrastructure. This enables tracking ransomware operations and attributing attacks.
Following the Money
Blockchain analysis firms are getting better at tracking ransom payments and identifying money mule networks. This allows law enforcement to seize funds and arrest launderers.
As RaaS becomes a global problem, international law enforcement groups like Interpol and Europol are joining forces to detect and disrupt ransomware operators across borders.
Building Cyber Defenses
Bolstering cybersecurity defenses makes organizations more resilient to ransomware deployed with RaaS tools. Widespread adoption of measures like multi-factor authentication could help blunt attacks.
Informed organizations are less likely to make ransomware payments. Education campaigns on issues like the dangers of RaaS seek to cut off the revenue streams funding these criminals.
The Future of Ransomware-as-a-Service
RaaS has proven to be a potent model for scaling up ransomware attacks. By outsourcing infrastructure burdens, developers can focus on innovating new ransomware capabilities and business partnerships.
The early successes of RaaS indicate it is an economic model likely to persist. We can expect ransomware groups to continue investing in new self-service platforms and affiliate programs that maximize their profits and infection reach. Users will also come from a wider pool as Bitcoin and the dark web become more mainstream.
However, the growth of RaaS also spurs an intensified response from cybersecurity defenders. With improved security and law enforcement disruption, deploying ransomware could become far costlier and riskier for criminals drawn in by RaaS. The coming years will prove whether defenders or attackers have the advantage in the cat-and-mouse game of ransomware innovation.
The Bottom Line
RaaS provides cybercriminals an easy onramp to deploying ransomware by handling the technical backend. Customers can conveniently buy access to advanced tools and infrastructure through dark web marketplaces, hacking forums, and affiliate programs. However, using RaaS to spread ransomware is extremely illegal. Ongoing law enforcement and cybersecurity efforts seek to crack down on RaaS sellers and cut off their revenue streams. But the profitability of RaaS indicates it is likely here to stay as a booming criminal enterprise.