Ransomware-as-a-Service (RaaS)

Ransomware-as-a-Service (RaaS) is a criminal business model in which a core development group builds and maintains ransomware infrastructure, then licenses access to that infrastructure to a network of paying affiliates who conduct the actual intrusions and deploy the malware.

Threat IntelligenceTIDThreatIntermediateCONFIDENTIAL2,463 words10 min readApr 7, 2026

Last updated Apr 7, 2026Currentv2

CLASSIFICATION: CONFIDENTIAL

This article requires CONFIDENTIAL clearance or higher.

What you need

Create a free Nexus ID to access CDA proprietary content including PDM domain explainers, methodology deep-dives, and reconnaissance mission briefings.

Create Nexus ID (Free)

Also at this clearance level

Threat IntelligenceTIDThreatIntermediate

Table of Contents

Ransomware-as-a-Service (RaaS)

What you need

Also at this clearance level

APT28 (Fancy Bear / Forest Blizzard)

Lazarus Group (HIDDEN COBRA / Diamond Sleet)

Salt Typhoon

Single Sign-On (SSO) Architecture

The Academy

The Command Post

The Armory