Invest in protection now, or pay a ransom later; you call the shots.
In May 2021, Colonial Pipeline, the operator of the largest fuel pipeline in the United States, was attacked by ransomware and had to shut down for five days. Colonial moves 2.5 million barrels of liquid fuels to the eastern and southern United States every day.
The situation disrupted gasoline and jet fuel supplies to major cities on the East Coast and caused massive fluctuations in fuel prices.
Investigations revealed that Colonial Pipeline was the victim of the DarkSide ransomware-as-a-service (RaaS) variant. DarkSide’s hackers tracked down the password of an old, unused VPN account and used it to break into Colonial Pipeline’s systems.
Incidentally, Bloomberg reported that the password was procured from a batch of leaked passwords on the dark web. The company ended up paying DarkSide $5 million for a decryption key that restored its computer networks, which had been disabled all week.
The incident prompted President Biden to declare a state of emergency and subsequently issue an Executive Order on “Improving the Nation’s Cybersecurity.”
This incident underscores the growing threat of Ransomware-as-a-Service (RaaS), a business model where cybercriminals lease ransomware tools to affiliates who then carry out attacks. This approach has lowered the barrier to entry for cybercrime, leading to an increase in ransomware attacks across various sectors.
Think of RaaS as the fast-food franchise of cybercrime. Instead of building a ransomware strain from scratch, aspiring hackers can lease sophisticated ransomware from developers who handle the technical aspects. These cybercriminal masterminds create and maintain the malware, then sell or rent it out to less tech-savvy criminals, often for a cut of the ransom. It’s the ultimate passive income stream for hackers, and business is booming.
The model is as simple as it is terrifying. Developers create and update the malware, ensuring it stays ahead of security defenses. Affiliates, also known as cybercriminal customers, pay a subscription or commission to use the ransomware.
Victims, which include hospitals, businesses, and governments, get locked out of their systems and receive a charming little note demanding payment in cryptocurrency. It’s like a subscription service, but instead of streaming movies, you’re crippling IT networks.
These aren’t just bored basement hackers; RaaS groups operate like full-fledged tech companies. Some even have customer support, user-friendly dashboards, and tiered pricing plans.
Conti, LockBit, Black Basta—these names may not be on the Fortune 500 list, but in the underground economy, they’re running billion-dollar empires. And just like legitimate businesses, they’re always evolving. Some offer live chat support to help victims process payments (because, you know, customer service is key). Others provide “try before you buy” ransomware demos. It’s disturbingly sophisticated.
With RaaS lowering the barrier to entry, cybercrime is no longer exclusive to elite hackers. Now, any disgruntled employee, script kiddie, or cybercriminal wannabe can get in on the action. This means more attacks, more victims, and more financial losses. Even worse? These groups often target critical industries like healthcare, finance, and education, places where downtime isn’t just inconvenient, but life-threatening.
The bad news? RaaS is here to stay. The good news? You don’t have to be an easy target. Zero-trust security policies can help limit access and stop malware from spreading like wildfire.
Multi-factor authentication (MFA) can prevent stolen credentials from being a one-way ticket to disaster. Regular, offline backups ensure that if a ransomware attack happens, you don’t have to pay a dime to get your data back. Security awareness training helps employees spot phishing attempts before they become full-blown breaches.
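An added example (not from the original article) of auditing for the condition the Colonial case and the MFA advice above point to: enabled VPN accounts that sit unused or have no MFA. The CSV export format, column names, account names, and the 90-day threshold are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample export; the column names are assumptions,
# not a real VPN product's schema.
SAMPLE_EXPORT = """username,enabled,mfa_enrolled,last_login
alice,true,true,2021-04-28
svc-legacy-vpn,true,false,2019-11-02
bob,true,false,2021-04-30
contractor7,false,false,2020-01-15
newhire,true,true,
"""

def audit_vpn_accounts(export_text, today, stale_after_days=90):
    """Return (username, reasons) for enabled accounts that are stale
    or lack MFA, with the accounts failing the most checks first."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["enabled"].strip().lower() != "true":
            continue  # disabled accounts cannot be used to log in
        reasons = []
        last = row["last_login"].strip()
        if not last:
            reasons.append("never logged in")
        else:
            idle = (today - date.fromisoformat(last)).days
            if idle > stale_after_days:
                reasons.append(f"idle {idle} days")
        if row["mfa_enrolled"].strip().lower() != "true":
            reasons.append("no MFA")
        if reasons:
            findings.append((row["username"], reasons))
    # Stable sort: accounts with more failed checks come first.
    findings.sort(key=lambda f: len(f[1]), reverse=True)
    return findings

if __name__ == "__main__":
    for user, reasons in audit_vpn_accounts(SAMPLE_EXPORT, date(2021, 5, 7)):
        print(f"{user}: {', '.join(reasons)}")
```

An enabled account that is both long idle and without MFA, like the constructed `svc-legacy-vpn` entry, is the first candidate for disabling.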
The bottom line? Cybercriminals are running RaaS like a business, so companies need to level up on their cybersecurity.
Invest in protection now, or pay a ransom later; you call the shots.
As long as there’s money to be made, RaaS isn’t going anywhere. In fact, it’s only going to get more advanced. AI-driven attacks, automated ransomware deployment, and even hacker-for-hire services are on the rise.
Cybercrime is evolving, and if organizations don’t keep up, they’ll find themselves locked out of their own systems with a demand for cryptocurrency staring them in the face.