Check out this sentence: “For the author, this business model enables them to scale their earnings from their software with less risk.”
I slightly modified the original, but we’re not talking about a franchise model for software or a cloud partnership program. Instead we’re talking about ransomware, which has become so ubiquitous that it’s sometimes discussed as if it was an MBA class discussion
Indeed, it now has multiple business models, and Ransomware as a Service (RaaS) is gaining in popularity.
There are several different revenue and business models for RaaS. As a SaaS model, RaaS is offered to potential users on a monthly subscription basis, or as a one-time fee. Another common way that RaaS operators work is with an affiliate model. With the affiliate RaaS model, the RaaS operator takes a predetermined percentage of every ransom payout by victims who pay a ransom.
Let’s rewind slightly. Ransomware is when someone breaks into your computer and encrypts it. Typically, when you log on you’re greeted with a banner that instructs you to send Bitcoin to an address to get the decryption key.
That’s from the victim side. But what about the ransomware entrepreneur? He or she may have written an innovative new ransomware package, but they face the challenge of how to monetize it and all the operational hassles of running the scanning network, etc.
For the agile criminal, why not outsource the labor to a best-of-breed provider and focus on the customer acquisition operations (i.e., hacking)? That’s RaaS. Here’s how it works.
- An author writes a ransomware package
- They then partner with a RaaS operator who pays them a percentage of profits (or a one-time licensing fee) and in turn handles the backend campaign, encryption key management, and payments
- The product then has an IRO
That’s for Initial Ransomeware Offering…okay, I made that up but that’s essentially how it works.
RaaS services use a number of different revenue models. Providers may charge a flat-rate monthly subscription, take a percentage of their customers’ profits, use a hybrid of these two models, or charge a one-time licensing fee. Once a RaaS customer creates an account and makes their first payment (usually in Bitcoin), they can select the type of malware they would like to use.
This industry has fueled a surge in Ransomeware packages, according to Fortinet, who reports that the number of different Ransomware variants they track has doubled in the last year, to over 10,000.
I guess you could say that as the go-to-market” strategy has become easier, inventors are able to focus on their value-add. There are millions of people who say sentences like this all day long, but they’re usually talking about phones, cars, or Shark Tank products, not ransomware.
Ransomware as a Service is an exciting new strategy. The total addressable market is massive!
Related Posts:
I also enjoy using LEBs! I have an empire of little guys for VPNs, larger guys for apps, and big guys for databases and storage. When I'm not in front a screen I'm into German Shepherd dogs, quality knives, target shooting, theology, tabletop roleplaying games, and forest hiking.
I enjoy writing technical articles here on LowEndBox to help people get more out of their systems. You can find me on LowEndTalk @raindog308
Leave a Reply