Live Webinar 11/20: SMB Cyber Survival Guide 2025

Ransomware as a Service (RaaS): What brokers & businesses need to know

Coalition Blog Ransomware As A Service

Ransomware is a big business in 2022, and as a result, ransomware operators have transformed their back-office operations into multi-level businesses bringing in millions in revenue.

Consider the ransomware group Conti — one of the most successful online extortion groups of all time. It’s set up like an organized crime unit with leaders, managers and groups using the Conti ransomware platform. Last year alone, Conti generated $180 million in revenue, which supported up to 100 salaried employees at any given time. Recently, the world was given a broader understanding of the organization’s structure after a member of the Conti group leaked two years’ worth of private messaging.

Yes, cybercrime existed prior to the COVID-19 pandemic. But ransomware became a dinner table word last year when the FBI received 3,729 ransomware complaints, with adjusted losses totaling more than $49.2 million. The average ransom demand made against Coalition policyholders, for example, increased 20% in the latter half of 2021.

Along with the surge in frequency of claims, Coalition’s 2022 Cyber Claims Report reveals that the severity and average cost of cyber claims increased by 28% to an average loss of $197,000. This is due to the amount of sensitive and valuable data businesses are storing online, and the amount of money they are willing to pay to protect themselves and their stakeholders, and resume business operations.

The cybercriminal business model: Ransomware as a Service (RaaS)

Cybercriminal groups like Conti are approaching ransomware deployment as a business these days. Like the technology they use to infiltrate your network, their network of bad actors and their ability to monetize their crime is much more sophisticated than ever before when deploying RaaS, or Ransomware as a Service.

RaaS has become a popular cybercrime model in 2021. RaaS allows affiliates to utilize a large operator’s ransomware platform in exchange for a fee. Large operators like Conti then reinvest their earnings into tools such as rented infrastructure, exploit kits, malware programs and stolen data that enable their teams to attack more effectively. In 2021, large operators reinvested 16% of revenue into these tools.

Think of RaaS working within an insurance company operating model (or any other business model for that matter). The insurance company hires brokers to be on the front lines to find businesses and build relationships that lead to revenue. The company invests some of its revenue into tools and knowledge that will enable these brokers to communicate and support clients more effectively in the future, securing more business as a result. The RaaS model is no different.

RaaS has made small businesses even more susceptible to ransomware because the low entry cost makes it very easy for less-sophisticated attackers to target anyone. Rather than developing the ransomware software themselves, novice attackers can simply pay a royalty fee or ransom percentage for use of the RaaS developers' source code.

This pyramid-like model can complicate or even incapacitate the victim’s recovery efforts and add to the severity — even if the ransom is paid — since the executors of the malware may also lack the sophistication necessary to provide effective decryption keys.

The same correlation can be made with more old-school crime models such as large-scale drug organizations, or the mafia. There’s the invisible boss or entity behind it all, and the teams on the streets deploying smaller gangs to make it all happen.

Ransomware has become another organized business, a lucrative one at that with the average ransom demand at $1.8 million. For more information on statistics and current trends in ransomware targeting organizations, download Coalition’s 2022 Cyber Claims Report.