**4. Ransomware threat landscape**

The modern ransomware threat landscape is driven by the advent of the ransomware as a service (RaaS) business model and the adoption of multiple levels of extortion.

### **4.1 Ransomware as a service**

Ransomware as a service (RaaS) is a business model in which ransomware operators sell ransomware to customers, known as affiliates, in exchange for a cut of the ransom. The affiliates launch the cyberattack against the victims, whereas negotiations with the victim are managed by the operator.

RaaS has taken ransomware to a whole new plane and is one of the primary reasons why ransomware attacks have become so frequent. The RaaS business model is a win-win situation for all the parties involved. A report by CrowdStrike, a cybersecurity firm, states that ransomware revenues in 2020 were around \$20 billion, up from \$11.5 billion the previous year [11].

The operator now focuses only on developing and monetizing its product. Less sophisticated actors with very little knowledge can enter the playing field, buy the service, and launch targeted attacks. **Figure 6** highlights the RaaS ecosystem. The ecosystem also comprises initial access brokers (IABs) and mules. Access brokers are an important component, as they are the ones who scan networks for vulnerabilities and gain credential access. They sell that credential access to the affiliates, who leverage it for initial access during an intrusion. The RaaS operators handle the ransom negotiations with the victim. Mules complete the ecosystem and are used for converting cryptocurrency into real currency.
