Ransomware as a service, often shortened to RaaS, is a criminal business model in which ransomware tooling and related infrastructure are provided to affiliates who carry out attacks. In plain language, it means ransomware activity can be organized like a service ecosystem instead of being run only by one tightly contained group.
RaaS matters because it lowers the barrier between criminal organization and attack execution. Different actors can specialize in malware development, infrastructure, negotiation, access brokering, or operational delivery, which can increase the scale and persistence of ransomware pressure.
It also matters because defenders need to think beyond a single malware sample. Ransomware incidents may reflect a broader operating model with repeated tactics, affiliate variation, and evolving targeting patterns.
RaaS appears in Threat Intelligence, ransomware preparedness, executive risk communication, and incident-response planning. Teams discuss it when planning Network Segmentation, Endpoint Detection and Response, Containment, and Recovery.
The term helps explain why ransomware campaigns can appear fast-moving, widely distributed, and operationally mature even when the specific affiliate carrying out the attack changes.
A manufacturing company reviews intelligence about ransomware incidents affecting similar organizations. The lesson is that the organization may not be facing a single isolated gang, but a wider service-driven criminal ecosystem that can reuse proven extortion patterns across many targets.
RaaS is not a legitimate cloud or security service. The name describes a criminal operating model, not a normal software-delivery pattern.
RaaS is also distinct from the term Ransomware itself. Ransomware describes the extortion malware or incident type, while RaaS describes how that threat is organized and distributed operationally.