Similarly, according to a 2024 report by Cybersecurity and Infrastructure Security Agency (CISA), ransomware continues to evolve and disrupt with “critical services, businesses, and communities worldwide, causing costly incidents that are increasingly destructive and disruptive.” According to the report, it costs businesses an average of $1.85 million to recover from a ransomware attack.
Adding salt to the wound, 80% of victims who paid a ransom were targeted and victimized again by criminals, CISA reported. The economic, technical, and reputational impacts of ransomware incidents, throughout the initial disruption and, at times, extended recovery, continue to pose a challenge for organizations large and small, according to CISA.
What is ransomware as a service (RaaS)
Ransomware as a service (RaaS) allows cybercriminals to offer ransomware software to other individuals or groups for a fee. While of course a criminal activity, it follows the same model as software-as-a-service, infrastructure-as-as-service, and other cloud-based services. This allows individuals with limited technical skills to launch ransomware attacks without needing to develop the malware themselves. RaaS has made it easier for cybercriminals to launch ransomware attacks, increasing the frequency and sophistication of these attacks — and of AI is only making it easier.