Cybercriminal for hire: The rise of Ransomware-as-a-Service


Ransomware attacks are a global concern, with a shocking 40% increase in both frequency and severity over the last year. “South Africans are at significant risk due to the increasing use of Ransomware-as-a-Service (RaaS),” warns Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 AFRICA. The use of RaaS also increased by 40% over the last year. Threat actors now sell their sophisticated ransomware solutions and services, keeping up to 80% of the profits.

Ransomware attacks are rapidly becoming a greater threat due to the availability of RaaS solutions on the dark web. These solutions can be purchased at varying prices, ranging from less than $100 to thousands of dollars. The ease of access to these kits, coupled with the fact that they often come with customer support, allows attackers to quickly set up and execute multiple ransomware attacks with little to no technical skill.

This accessibility to RaaS solutions has led to the evolution of ransomware, with cybercriminals focusing on enhancing its sophistication and capabilities. The aim is to create a product that is highly effective and profitable, catering to the demands of potential buyers in the cybercriminal market. They readily select their ransomware from a shopping list, pay the creators, and go. This represents the epitome of commodity attacks — a matter of utmost concern, especially for South Africa.

“One of the key factors contributing to South Africa’s vulnerability to these types of attacks is the widespread use of English,” explains Collard. “Attackers often need to negotiate with their victims, which means they need to speak a common language. It is difficult to negotiate with someone whose culture and language you do not understand. As a result, Western countries are more frequently targeted because of a higher percentage of threat actors originating from Europe. South Africa, with its strong English-speaking business culture, advanced digital infrastructure, and thriving financial services ecosystem, is consequently at risk of being targeted by these attacks.”

In South Africa, both the private and public sectors rely significantly on digital infrastructure for their critical operations. Companies are prioritising digitalisation efforts to maintain their competitiveness in the local and global markets. This strategic investment in digital technologies has proven invaluable, enabling companies to navigate through the challenges posed by the pandemic and fostering remarkable innovation. In fact, South Africa was recognised as the most innovative country in Africa in 2022. However, this increased reliance on digital platforms has also exposed the country and its companies to vulnerabilities and risks.

“North America was the primary ransomware target for a long time but there has been a downward trend because the government has come down hard on these criminal organisations,” says Collard. “They have the resources, law enforcement, and probably the budgets to clamp down on cybercrime syndicates that South Africa does not. In short, countries like the United States have become more responsive to threats and so the bad actors are turning to countries that do not have these resources or systems in place.”

When we combine this significant change in targeting, as highlighted in the recent Cy-Xplorer 2023 report by Orange Cyberdefense, with the swiftly evolving RaaS market, it is obvious why South African organisations need to stop and pay attention to the rising ransomware threat. It has been commoditised and simplified, turned into a solution as easy to use and implement as an app for a smartphone. Plug, play, steal.

“RaaS presents a very real and constantly evolving challenge to cybersecurity specialists and organisations,” concludes Collard. “The methods of attack, the approaches, the level of sophistication—it is very easy for anyone to be caught out. End users must remain vigilant to ensure that they do not become the reason a company falls victim to ransomware, and companies must continually train and remind employees of the risks to prevent complacency.”

User awareness is critical. If people can recognise threats, they will not click on links or make mistakes. If people are aware of how easy it is to be fooled by fake emails and sites, they will be cautious with their passwords and their information. If companies constantly reinforce these messages, they are protecting their data, their people and their systems from an onslaught of RaaS threats that are only set to become more capable and more prevalent in the future.

Distributed by APO Group on behalf of KnowBe4.