Ransomware-as-a-Service (RaaS)

Also known as: RaaS, Affiliate ransomware

Definition

A criminal business model in which ransomware operators rent their malware and infrastructure to affiliates who carry out attacks and share the proceeds.

Ransomware-as-a-Service mirrors legitimate SaaS: a core group develops the encryptor, leak site, negotiation portal, and affiliate panel, while affiliates handle initial access and intrusion in exchange for a percentage of paid ransoms (commonly 60–80%). The model has industrialised ransomware, lowering the technical bar to entry and enabling double extortion (encryption plus data theft) and triple extortion (adding DDoS or direct harassment of victims). Notable RaaS programs include LockBit, ALPHV/BlackCat, Conti, and REvil. Defences focus on stopping the affiliate kill chain: phishing and exposure reduction, MFA, EDR, network segmentation, immutable backups, fast detection of staging tools, and well-rehearsed incident response and recovery plans.

Examples

  • LockBit affiliates encrypting enterprise networks for a share of the ransom.
  • ALPHV/BlackCat providing a Rust-based encryptor and leak site to recruited operators.

Related terms