Victims are not the only earning source for the ransomware authors. They can even sell ransomware to other hackers. Security researchers term it as RaaS. Other hackers, instead of recreating another ransomware, can buy a tried and tested ransomware. Instead they put their effort in to the ransomware distribution. Exploit kit authors, or authors of botnets, spammers, and other kinds of hackers are the potential customers. For each successful ransomware extortion, that original ransomware author gets a certain percentage. RaaS provided kits with which hackers can build ransomware easily.

Ransomware as a Service seems to be a growing business model for ransomware creators. Here are some famous ransomware sold as RaaS. SophosLabs presented a detailed paper about RaaS at the Blackhat conference in 2017.

Philadelphia ransomware was discovered in September 2016 and was one of the most costliest ransomware (https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/RaaS-Philadelphia.pdf). The ransomware was known to attack hospitals. The Rainmakers Labs, one of the hacker groups, was known to be the inventors of the Philadelphia ransomware. It was sold at $400.

Stampado was another RaaS built by the same Rainmakers Labs, costing $40 .

Cerber was another popular ransomware that was sold as a service. We will discuss Cerber in detail in Chapter 6, Case Study of Some Famous Ransomware. The RaaS providers would usually get 40-60% of the extorted amount.

Satan, another RaaS, had the marketing tagline as ransomware in less than a minute. The owners of Satan claimed 70% of the extortion amount.