Ransomware as a Service. What Is It and Why Is It a Threat?
You’ve probably heard about SaaS (Software as a Service). Adobe Creative Cloud, Microsoft Office 365, and Netflix are all examples of SaaS providers. Incode also offers SaaS services.
The days of taking a trip down to your local computer store to purchase physical software, then installing and managing it on a physical device, are long gone. SaaS providers deliver software applications to users over the Internet, often on a subscription basis. The SaaS provider hosts the software on its own servers and takes full responsibility for maintenance, updates, and security.
Since 1999 (considered the birth year of SaaS, and by which time the number of worldwide internet users had reached 150 million), the SaaS industry has grown and grown, revolutionizing how companies operate globally.
That’s a brief overview of SaaS. Now, let’s talk about RaaS.
What is RaaS?
RaaS stands for Ransomware as a Service. It’s a cybercrime business model where attackers offer ransomware tools, infrastructure, and support to other criminals (known as affiliates), often in exchange for a cut of the ransom payments. It is a highly lucrative model for RaaS providers.
Why is RaaS dangerous?
By making ransomware tools easier to access, even criminals with limited technical skills can become affiliates and launch sophisticated attacks. This has resulted in a significant increase in attacks and made ransomware a much larger threat.
The most notorious RaaS operation of recent years
LockBit is a Ransomware-as-a-Service (RaaS) operation that has been active since around 2019. Its high degree of automation and sophistication combined with its ease of use for affiliates has made it one of the most prevalent RaaS operations in recent years.
Affiliates using LockBit have attacked organizations in a wide range of critical infrastructure sectors, including healthcare, manufacturing, finance, and government. Between January 2020 and May 2023, LockBit was used in approximately 1700 ransomware attacks in the United States, and hackers were paid $91 million in ransoms.
The dangers of double extortion ransomware
LockBit uses double extortion, a tactic where the attacker not only encrypts the victim’s data but also steals it. They then demand a ransom payment for both the decryption key and the assurance that the stolen data will not be publicly released.
LockBit’s speed and efficiency in encrypting data with little manual intervention make it especially dangerous to businesses. It is known to cause significant disruption and financial damage. It has a “Leak Site” where it posts stolen data to pressure victims into paying.
T-Mobile data breach
In August 2021, T-Mobile was targeted by hackers associated with LockBit. It was reported that cybercriminals accessed a large database containing customer information such as names, phone numbers, and even social security numbers in some cases.
The breach was significant given that T-Mobile provides services to millions of people, making the scale and potential for widespread damage much higher than if the hackers had targeted a smaller organization.
How to protect your organization against ransomware attacks?
The first piece of advice is to make regular backups of your most important files. Up-to-date backups are the most effective way of recovering from a ransomware attack.
To reduce the likelihood of malicious content reaching your devices, the National Cyber Security Centre in the UK, which acts as a bridge between industry and government, recommends a combination of:
- filtering only to allow file types you would expect to receive
- blocking websites that are known to be malicious
- actively inspecting content
- using signatures to block known malicious code
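As an illustration of the first and third items (allowing only expected file types, and inspecting content rather than trusting the name), here is an added example that is not from the NCSC guidance or from Incode. The allow list, function names and sample files are assumptions made for the illustration.

```python
import os

# Assumed policy for this example: the intake point only expects PDFs and images.
# Each allowed extension maps to the leading bytes its content must start with.
ALLOWED = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}


def check_attachment(filename, data):
    """Return (allowed, reason) for one inbound file."""
    # Only the final extension counts, so "invoice.pdf.exe" is judged as .exe.
    ext = os.path.splitext(filename.strip().lower())[1]
    if ext not in ALLOWED:
        return False, f"extension {ext or '(none)'} not on allow list"
    # Inspect the content: it must be the type the name claims to be.
    if not data.startswith(ALLOWED[ext]):
        return False, f"content does not match {ext}"
    return True, "ok"


def triage(files):
    """Split {filename: bytes} into delivered names and quarantined reasons."""
    delivered, quarantined = [], {}
    for name, data in files.items():
        ok, reason = check_attachment(name, data)
        if ok:
            delivered.append(name)
        else:
            quarantined[name] = reason
    return delivered, quarantined


# Constructed sample input: file names and leading bytes only, not real files.
SAMPLES = {
    "report.pdf": b"%PDF-1.7\n",
    "photo.JPG": b"\xff\xd8\xff\xe0\x00\x10JFIF",
    "invoice.pdf.exe": b"MZ\x90\x00",
    "scan.pdf": b"MZ\x90\x00",
    "notes.docm": b"PK\x03\x04",
}

if __name__ == "__main__":
    delivered, quarantined = triage(SAMPLES)
    print("delivered:", delivered)
    for name, reason in quarantined.items():
        print("quarantined:", name, "-", reason)
```

A leading-bytes check only confirms that a file is the type it claims to be; it complements signature-based scanning of allowed files rather than replacing it.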
They also highlight the importance of multi-factor authentication, recommending that organizations “enable MFA at all remote access points into the network, and enforce IP allow listing using hardware firewalls.” They also say that using MFA means that if malware steals credentials, they can’t easily be reused.
Incode strengthens MFA with advanced biometric checks to authenticate that the user is in fact who they say they are.
Incode’s Facial Recognition technology leverages advanced machine learning models, trained on diverse, global data, to compare selfies with ID photos or previously captured images in the database, delivering less than a 0.01% false match rate.
Our Liveness Detection technology examines micro-expressions, lighting, and motion patterns, capturing subtle signals that distinguish genuine users from sophisticated deepfakes.
Meanwhile, our Document Verification technology uses machine learning to process over 4,900 global identity documents, identifying both physical fake IDs and AI-generated forgeries.
Read Incode CEO Ricardo Amper’s piece in TechCrunch on the era of Fraud as a Service (FaaS).