The Dangerous Trend of “Ransomware-as-a-Service”

Ransomware is one of the more nefarious viruses currently in circulation. It involves infecting a computer and locking the user out of their own machine. The user can’t access their files unless they pay the developer a sum of money. Some ransomware will even begin to delete files on the computer if the victim takes too long to pay. We wrote an article discussing what they are, what they do, and how to avoid them. While ransomware itself isn’t news, there’s been a recent spike in ransomware being distributed, and the source is a little scarier than you might think.

This trend began around the end of 2016 when several business sectors found that general malware attacks had fallen but ransomware attacks had increased. Malicious developers weren’t as interested in spreading general malware anymore; ransomware was becoming a great way to profit off of infecting computers.

There are many reasons why ransomware is more favorable than general malware, including a more immediate payoff for the criminal should the victim decide to pay. One of the scarier reasons behind this boom is that budding criminals can now purchase a product called “ransomware-as-a-service.”

Ransomware for Sale


Creating ransomware is not a particularly simple feat! For it to be successful, it has to lock down the victim’s computer, grab all the user’s files under a secure password, and put the user in a situation where their only resort to save their files is to pay up. A lot of people who want to make a quick buck from ransomware may not even know where to begin making one. This is where ransomware-as-a-service comes into play.

Let’s say someone wanted to become a cybercriminal but didn’t have a clue on how to create ransomware. Before, these people would have perhaps just given up on their plan. With ransomware-as-a-service now on the black market, however, they no longer have to. Now they can find someone who’s selling ransomware as a service plan and purchase their product. Then it’s up to the aspiring criminal to package it up and send it to their target.

How the Model Works

One of the scarier elements of ransomware-as-a-service is how inexpensive it is for a criminal to get themselves set up. You may be thinking that such specialised software would tally in the hundreds or thousands of dollars to purchase such specialist software, but there were reports that a popular strand of ransomware called Stampado was being sold to budding criminals for as low as $39.

Developers can afford to sell it so cheaply because they get a cut of the profits. Ransomware attacks typically ask for payments in the hundreds, if not thousands, of dollars. If a payment is made by a victim, the original developers of the software get a cut of that. Given how ransomware gives a fast-approaching deadline before it deletes computer files, people across the globe end up paying up in order to save their files.

The individual criminal will see an immediate payout, while the developer providing ransomware-as-a-service sees financial growth as criminals around their world use their software to make hundreds of attacks. Both the developers and the people who use their software benefit from each successful attack made.

How to Fight It

If this increase in ransomware worries you, don’t worry too much! As with all online threats, being vigilant and careful using the Internet is the best antivirus you can get.

In order for people to infect your computer with ransomware, they need to get it onto your system first. The two main methods reported for distributing ransomware are phishing email downloads and hacked websites. For both, a solid antivirus will definitely help in catching ransomware before it strikes. Make sure your antivirus solution is powerful and ready to tackle any problems it might find. If it’s not, look into getting more powerful solutions that meet your needs. These days even free antiviruses can perform extremely well, so it’s an easy enough fix!

Email Phishing


For email phishing, always treat emails you receive with the utmost care. Phishing has become very complex over the years, especially ones that target businesses. Business-related phishing will go so far as to use the names of the people within the business to get employees to perform whatever the email asks of them. They’re definitely no longer laughably unbelievable scams that depend on gullible people to download files! Always be vigilant when downloading files in emails and make sure it’s from who you think it’s from.

Hacked Websites


This can be a little trickier to avoid, as hackers infect websites that had no intent of spreading viruses and turn them into malware distributors. This means a once-innocent website can turn into a virus hotspot overnight if the owners aren’t careful. A good search engine will flag compromised websites, so you’ll know if it’s safe to click on it or not. Also, using a modern and efficient browser will hopefully catch the attacks before they have a chance to infect your computer. Installing script blocking addons and updating (or uninstalling) old media plugins can also help prevent attacks.

Ransomware Scare

In the world of cybercrime, ransomware has become one of the key ways criminals get a payout. Now presented as a service, budding criminals have access to some of the best software out there. Despite this spike, you can keep yourself safe by being careful with your emails and your browsing habits.

Have you ever encountered a ransomware attack in person? How did it end up? Let us know below.

Simon Batt
Simon Batt

Simon Batt is a Computer Science graduate with a passion for cybersecurity.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox