RaaS is a cybercrime business model in which a ransomware group gives or sells its code or malware to other hackers, who then use it to carry out their own ransomware attacks, sometimes in exchange for giving the first group a cut of the proceeds. RaaS kits are advertised on the dark web.
Deeper Dive
Ransomware was the second most common type of cyberattack in 2022, believed to be in part because of the rise of RaaS, according to IBM’s X-Force Threat Intelligence Index. RaaS was used in the 2024 cyberattack against Change Healthcare, the largest clearinghouse for insurance billing and payments in the U.S., which severely disrupted operations for numerous hospitals, medical offices and pharmacies nationwide.
RaaS helps lower the bar for entry into cybercrime, allowing people with limited technical skills to carry out cyberattacks, an article from IBM noted. It’s mutually beneficial to hacker groups; hacker groups that use the malware can profit from extorting a victim without creating their own programs, and the ones that develop the malware can increase profits without doing the attacks.
Like other types of business subscriptions, RaaS can operate on models like a one-time fee or monthly subscription. Some include 24/7 technical support.
For more information, see What Is Ransomware as a Service (RaaS)? or What is Ransomware as a Service (RaaS)?.