Ransomware as a Service—Cyberattack for Hire. A Threat to Your Company Too

2025-06-02

Ransomware is no longer limited to skilled hackers. The rise of Ransomware as a Service (RaaS) has made it alarmingly easy for criminals to launch cyberattacks. Even small companies that once believed they were safe are now frequent targets. This article explains how RaaS works, why it’s so dangerous, and what you can do to protect your organisation.

What is Ransomware as a Service?

Ransomware as a Service represents a deeply concerning evolution in cybercrime. It enables a growing number of offenders to launch ransomware attacks with little to no technical skill. This commercialisation of digital extortion has led to a rise in indiscriminate, high-impact incidents, increasingly affecting vulnerable targets such as small and medium-sized businesses. The consequences are far-reaching: financial loss, service disruption, reputational damage, and emotional toll. Addressing this threat requires not only technical defences, but also awareness, coordination, and sustained investment in prevention.

Ransomware as a Service (RaaS)—Statistics

  • 95 ransomware groups were active in 2024, up from 68 the previous year—a 40% increase that reflects the rapid growth of the ransomware ecosystem. [Cyberint]
  • $75 million—the highest recorded ransomware payment as of March 2024. The average ransom demand in early 2024 exceeded $5.2 million. [TRM Labs]
  • In 70% of ransomware attacks in 2024, the victim’s data was successfully encrypted. [Sophos]
  • In 2023, SMEs were the target of about 43% of all cyberattacks. Many of these firms lack the resources to recover. [Forbes]

RaaS enables individuals with little or no technical expertise to launch damaging ransomware attacks. Criminal operators offer ready-made toolkits that include encryption software, control panels, automated processes, and payment systems—often with support channels to ensure the attack is carried out. This article outlines how the RaaS model works, why it poses a growing threat to businesses, and what steps organisations can take to protect themselves.

To help strengthen cyber resilience, the Polish Platform for Homeland Security offers cybersecurity training as part of the EU-funded CYRUS project, for both beginners and advanced users, including a dedicated course on ransomware. More information can be found at the end of this article.

PPHS also coordinates the CYCLOPES Cybercrime Practitioners’ Network. In July 2025, it will host a Joint Live Exercise (JLE) with experts from over 15 European countries to explore law enforcement responses to ransomware, highlighting effective practices for identifying and pursuing criminal groups.

How Does Ransomware as a Service Work

Let’s take a closer look at how RaaS works and why it poses such a serious threat—even to smaller companies that may believe they aren’t attractive targets for cybercriminals.

What makes RaaS so dangerous is its accessibility and simplicity. The attacker doesn’t need to be an expert. All they need to do is purchase access to a RaaS platform, select a target, and launch the prebuilt tool. Often, the entire process takes just a few clicks. The cost? Sometimes as little as a few hundred euros. The consequences? Potentially devastating, from operational paralysis to ransom payments in cryptocurrencies, which can be challenging for law enforcement to track and trace.

Behind these services are well-organised cybercrime groups operating globally. The most prominent include LockBit, Clop, BlackCat (ALPHV), and the now-defunct Hive and REvil. These groups run full-scale criminal platforms, providing tools, manuals, and support in exchange for a share of the ransom profits. This means that even people with no prior experience can conduct sophisticated attacks.

Previously, ransomware attacks required careful planning and the coordination of experienced groups. Targets were large organisations with valuable data and high sensitivity to system downtime. But in today’s world of automation and RaaS tools, the barriers to entry have dropped. Cybercriminals can now afford to target smaller organisations, knowing they can still make a profit with minimal effort or risk.

As a result, RaaS attacks have become widespread and indiscriminate. Criminals no longer need to plan complex campaigns—they can simply "try their luck" and hope for a quick gain. That means businesses of all sizes and sectors—including local and family-owned companies—are now regular targets.

Unfortunately, these attacks are often successful. All it takes is one security gap, an unaware employee, or outdated software. Each successful attack fuels the growth of cybercrime, lowering the barrier to entry further and even encouraging individuals to launch attacks for "easy money".

Consequences of RaaS Attacks and Real-Life Case Studies

The consequences of a ransomware attack using the RaaS model can be severe and long-lasting. Common impacts include:

  • Shutdown of key operational systems (e.g. fleet management, logistics, scheduling, production),
  • Loss of data,
  • Exposure of sensitive information.

Businesses may also suffer loss of reputation and client trust, reduced revenue, and high costs of system recovery, security audits or ransom payments. Moreover, once a system is breached, access is often sold on to other criminals, leading to repeat attacks. Here are some real-life cases of recent ransomware attacks:

In 2024, the Jędrzejów District, in Poland, was targeted by the emerging RaaS group RansomHub. Specific details about the immediate outcomes of this attack on the Jędrzejów District are not publicly disclosed. The incident highlighted the growing threat to local government infrastructure and the increasing capabilities of newly formed cybercriminal networks. [CyberDefence24]

In 2024, AIUT S.A., a Polish company specialising in industrial automation and robotics, fell victim to a RaaS attack orchestrated by the Hunters International group. The attackers infiltrated AIUT's systems, exfiltrated sensitive data, including employee passport scans, and encrypted critical files, disrupting the company's operations. Subsequently, the attackers listed AIUT on their data leak site, threatening to publish the stolen information unless a ransom was paid. [CyberDefence24]

In 2023, the Danish hosting provider CloudNordic was hit by a ransomware attack that resulted in permanent data loss for clients. Negotiations failed, and many customer companies lost websites and databases—some permanently. This case highlights how RaaS can not only cripple a business but severely impact its clients, particularly small and medium enterprises relying on outsourced IT. [TechCrunch]

Ransomware Protection and Prevention

There is no single, guaranteed method of defence. However, companies can greatly reduce their risk by adopting good practices and building resilience on several levels. And most importantly—effective defence begins not with technology, but with people.

The human factor is both the weakest and most crucial link in the security chain. Most successful attacks start with a simple mistake: clicking a malicious link, entering login credentials on a fake page, or ignoring a system warning. That’s why cybersecurity training should be the first and most essential step for any organisation. A trained employee can spot a threat and act before damage is done.

Of course, technical measures are also vital and should complement education:

  • Regular updates of systems and software to patch known vulnerabilities.
  • Reliable and tested data backups to avoid paying ransoms.
  • Network segmentation and access controls to contain the spread of malware.
  • Continuous monitoring and fast incident response to minimise damage.

A well-trained team, supported by proper tools and procedures, is the foundation of any effective defence strategy.

Training for Businesses—An Investment in Cyber Resilience

In response to the growing threat of cybercrime, the Polish Platform for Homeland Security, as a partner in the CYRUS project, offers a range of professional cybersecurity training courses. These are designed for company employees, managers, IT specialists, and anyone looking to strengthen their digital awareness and readiness.

Available courses cover:

  • Cybersecurity fundamentals,
  • Data encryption principles,
  • And ransomware-specific threats.

Courses are available via e-learning (at your own pace) or live online sessions with trainers. Dozens of additional courses provided by other partners are also available for organisations across Europe.

Most importantly—all courses are completely free, thanks to funding from the European Union. Their goal is to strengthen the resilience of European enterprises and promote a culture of security in the workplace.

As technology continues to evolve, cybercrime will inevitably grow with it. New defensive tools will emerge, but the human factor will remain critical to any defence strategy. Well-trained employees can limit the success of an attack more effectively than any software. That’s why educational efforts must become a routine part of daily operations, not just a reaction to incidents.

PPHS: 20 Years, Hundreds of Courses, Thousands Trained

In 2025, the Polish Platform for Homeland Security celebrates 20 years of activity. For two decades, PPHS has supported internal security in Poland and across Europe, leading numerous educational and research initiatives. Training has played a key role, with almost 40,000 participants in courses delivered through in-person workshops, online sessions, and e-learning.

Notable projects include:

  • VR4REACT—using virtual reality to train prison staff and inmates to reduce reactive aggression and promote prosocial behaviour.
  • CYCLOPES—a network of subject matter experts that helps facilitate knowledge exchange and increases the capacity and capabilities of cybercrime practitioners across Europe.
  • CYRUS—the cybersecurity training programme highlighted in this article, offering free courses for a wide audience.
  • MIRAD—delivering innovative training for prison and probation officers and NGOs to counter radicalisation and support deradicalisation strategies.

We invite you to explore PPHS’s rich training offer—a valuable resource for building a secure and informed society. And if you’re seeking an experienced partner for the educational component of your initiative—get in touch. We’re ready to collaborate. Contact us.

Łukasz Kielban
Content & Communications Lead
PPHS
Dawid Rachmajda
Cybersecurity Specialist & Trainer
PPHS & NASK