Cyber Security logo

Cyber Security

The Ransomware business model

The Ransomware business is a business like any other, positioned on the dark side of the thin line that is ethics. Just like any other business, the goal of Ransomware groups is to get as much revenue as possible. But how do they reach this goal? Newest developments show that the Ransomware business is slowly transforming from a start-up to a full scaled enterprise.

Need help? Contact the helpcenter!

A first requirement to generate revenue is a steady incoming cashflow. However, as normal bank accounts have proven to be a liability to their anonymity, cryptocurrencies such as Bitcoin come into play. These virtual currencies provide the ability to perform a monetary transaction without any possibilities of tracing the recipient.

But what if the Ransomware victims do not have the required knowledge to acquire and transfer these cryptocurrencies? They can now call the Ransomware group’s help center! Ransomware groups have noted that if victims are not able to pay the ransom, no money is coming in. So as part of the professionalization of their business, they now help you in paying the ransom.

Double and triple extortion

A second problem that arises is back-ups. Ransomware victims with solid back-ups can restore their business without the requirement to pay the ransom. As any businessman would conclude, this is missed revenue. As a result, Ransomware groups do no longer only encrypt data, but copy the data in advance. They threat to release the data publicly if no ransom is paid, hence the double extortion. However, as all businesses evolve, an additional extortion layer is emerging. Ransomware groups now use the captured data for further attacks, such as spear phishing. This triple extortion technique provides an even more convincing argument to pay the ransom and enrich the Ransomware groups.


We now know how Ransomware groups create their revenue. But there is still a small chance that no ransom is paid, and the Ransomware group remains empty handed. Therefore, a final concept is introduced into the ransomware business model: Ransomware-as-a-service (RaaS). Anyone willing to pay can now order a Ransomware attack on their nemesis. On top, if no ransom is paid by the victim, the Ransomware group still gets a small payday from their client. If the ransom is paid, they get both. Win-win situation, right?

What can you do?

As an organization, it is important to prevent Ransomware from entering your environment and limiting the impact of a ransomware attack.


Email security protects your email environment against common attacks, using advanced threat protection and reputational checks, and more complex attacks, using Artificial Intelligence.


Managed Security Awareness trains your employees to recognize social engineering attacks and prevent human error in order to protect your organization, your data and your assets. By providing both online and offline trainings and tests, your employees will help protect your organization against phishing mails, malware, insecure passwords and unallowed physical access.


Managed SOC provides permanent monitoring of your security solutions and network, and can detect attack attempts in the early stage. Moreover, it ensures that a successful attack is identified and contained as soon as possible, limiting the impact of the attack on your organization, your organization’s data and your organization’s customers.

If you want to protect your company against a Ransomware attack, don’t hesitate to contact us.



  1. Real people and events told for entertainment
  2. The commercial prospects or circumstances of a particular company



  1. The combination of components or elements to form a connected whole