Ransomware-as-a-service, or RaaS, is exactly what it sounds like: ransomware sold as a subscription. A core group builds the malware, runs the payment systems and hosts the leak sites, then rents the whole kit out to “affiliates” who carry out the actual attacks and hand back a cut of every ransom. Think of it as a franchise — head office supplies the branding and the tools, franchisees do the dirty work. The term is in the news this week because researchers linked the FortiBleed credential-theft campaign to the INC and Lynx RaaS operations, as reported by BleepingComputer.
That link shows how industrialised the supply chain has become. One crew spent months harvesting VPN logins from hundreds of thousands of firewalls. Those credentials then feed ransomware franchises that turn stolen access into encrypted networks and ransom demands. Nobody in that chain picked any individual victim — a café in Orange, an accounting firm in Brookvale and a charity in Brisbane all look identical in a spreadsheet of stolen logins.
Which is why the old “we’re too small to be a target” logic doesn’t hold anymore. You’re not a target; you’re inventory. The practical takeaway: stolen credentials are often sold or traded months before ransomware actually lands, so there’s a window where you can break the chain. Multi-factor authentication on everything remote-accessible, prompt patching, and rotating passwords after any breach notice will do more for you than hoping you stay off the radar.
If your team hasn’t had a refresher on spotting the phishing emails that start most of these chains, our cyber safety training is a good place to start.
Related Guide
Cybersecurity for Sydney SMBs
Explore our complete guide to protecting your business from cyber threats.
