Ransomware used to be a rare, high-stakes attack reserved for big organisations with deep pockets. Not anymore.
Today, Ransomware-as-a-Service (RaaS) has made launching ransomware attacks as easy as buying a subscription online, and it’s causing serious trouble for businesses across every sector. Whether you’re a growing company or an established enterprise, this threat is evolving faster than many can keep up with.
So, grab a cuppa, and let’s break down what RaaS actually is, why it’s fuelling a surge in cyberattacks, and what you can do about it.
Ransomware: What Do the Numbers Say?
We’ll keep it simple:
- In 2024, ransomware attacks climbed again, hitting 5,200+ global cases, the highest on record.
- The average ransom payment in 2024? Around $2 million (up 5x from the year before); however, for 2025, this figure has since dropped to $1 million, which is still not ideal.
- And the average cost to fully recover from an attack (excluding the ransom)? Roughly £2.1 million.
- Closer to home, the UK saw a 23.5% increase in ransomware victims in the second half of 2023, further proof that this is a global issue.
Want to learn more about real-world attack recovery? Read our blog on incident response and why every second counts.
What Is Ransomware-as-a-Service (RaaS)?
Imagine a cybercriminal builds a powerful ransomware strain (the kind that encrypts files and demands payment to get them back). Now imagine they decide to lease that ransomware out to other criminals for a cut of the profits.
That’s RaaS.
It’s a criminal business model, and one that works disturbingly well:
- Low barrier to entry: Anyone with bad intentions and a little money can now launch attacks.
- Scalability: One ransomware family can be used by hundreds of affiliates worldwide.
- Harder to trace: Developers sit back and collect profits while others carry out the attacks.
By the end of 2023, at least 52 known ransomware gangs were offering these services. Some charge as little as a few quid a month.
Why It’s So Dangerous for Businesses
1. Disruption That Lasts Weeks
On average, ransomware takes systems offline for 3–4 weeks. That’s weeks of lost productivity, disrupted customer service, and mounting financial costs.
For a closer look at the real business impact of downtime, read our step-by-step guide on how to respond to a data breach.
2. Data Loss (Even If You Pay)
About 45% of a company’s data is affected during an attack. And even if you pay the ransom, over 50% of businesses don’t recover all their data because of corrupted files, failed decryptions, or data stolen before encryption.
3. Reinfections Are Common
More than half of organisations hit by ransomware face a second attack shortly after recovery, usually because the root cause wasn’t fully addressed.
4. Reputation Takes a Hit
Trust is hard-won and easily lost. 53% of companies say their brand was damaged after a ransomware attack. For some, it was enough to cost senior leadership their jobs.
RaaS = A Business Model That Keeps Growing
Here’s the real kicker: even if law enforcement shuts down a RaaS group, the affiliates just move to a new one. When the Hive gang was dismantled, many of its affiliates reappeared under the name “Hunters”.
That’s the beauty (for them) and the problem (for us) with RaaS: it’s decentralised, global, and hard to stop.
What Can You Do to Protect Your Business?
Ransomware is a moving target, but there are clear steps you can take to make your organisation less vulnerable.
The Basics
- Backups: Keep offline, immutable backups, and test recovery regularly.
- Patching: Prioritise critical vulnerabilities. Ransomware groups often exploit known flaws.
- Access controls: Use multi-factor authentication, restrict admin rights, and review access often.
- Segmentation: Isolate sensitive systems to limit the spread if attackers do get in.
Training and Awareness
Your team is your first line of defence. Phishing emails, weak passwords, and poor security habits are often the entry point for ransomware.
We’ve covered this in our post on building a security-aware culture.
Have a Plan
When ransomware strikes, your response time matters. Have a clear incident response plan in place, covering everything from technical triage to crisis communication.
Final Thought
Ransomware isn’t slowing down; it’s evolving. With the RaaS model driving down the cost of entry for cybercriminals, more organisations are at risk than ever before.
But knowledge is power. By understanding how RaaS works, and building layers of defence around your systems, people, and processes, you can stay one step ahead.
Remember, it’s not about being unbreachable. It’s about being resilient.
Curious about what cybercriminals are targeting next? Read our breakdown on emerging threats and how to prepare.