Ransomware suppliers make over $100,000 annually from crimeware as a service (CaaS) software

Ransomware, which victimizes individuals and businesses alike, is malicious software capable of stealing, and making inaccessible, data and files from computers, smartphones, servers and connected devices, such as smart thermostats, connected toys, voice assistants and other Internet of Things (IoT) gadgets. The criminals who deploy ransomware typically request money in exchange for the return of the stolen files. They keep the dollar amount low enough to tempt most victims into paying the fee. Often, however, victims will pay and not get their data back, or the crooks will keep copies of the data and continue to use it in fraudulent ways. The ransomware software is typically installed through the use of phishing emails, often with pointers to malicious websites, designed as legitimate communications from trusted sources, such as well-known acquaintances and popular brands.

“Criminals do not need to be sophisticated to pull off a ransomware attack,” said Privacy, security and compliance expert Rebecca Herold. “There are more than 150 variants of the malicious software, which can be inexpensively purchased on the dark web. Ransomware suppliers are making annual incomes of over $100,000 selling crimeware as a service (CaaS) software. Those purchasing it are making that much and more themselves.”

Also Read: Data Privacy Day 2018: Top 5 tips to protect your online privacy, security

Advertisement

‹

EVENT

Saksham Bharat 2026

A multi-stakeholder dialogue on skilling gap in Cybersecurity, Data Resilience and AI — and the roadmap to a Saksham Bharat.

📅 Tue, 26 May 2026

📍 Mumbai, Bengaluru, Delhi

Register Now →

EVENT

VeeamON 2026 Tour India - Mumbai

A VeeamON 2026 India Leadership Series Mumbai for senior public sector and government technology leaders.

📅 Tue, 26 May 2026

📍 Grand Hyatt, BKC

Register Now →

EVENT

Cyber Surakshit Uttar Pradesh

Find out strategies, frameworks and solutions for building a resilient and secure digital ecosystem across Uttar Pradesh.

📅 Thu, 28 May 2026

📍 Lucknow

Register Now →

EVENT

VeeamON 2026 Tour India - Bengaluru

A VeeamON 2026 India Leadership Series Bengaluru for senior public sector and government technology leaders.

📅 Wed, 03 Jun 2026

📍 JW Marriott Hotel

Register Now →

EVENT

VeeamON 2026 Tour India - Delhi

A VeeamON 2026 India Leadership Series Delhi for senior public sector and government technology leaders.

📅 Fri, 19 Jun 2026

📍 Shangri-La Eros

Register Now →

EVENT

Infosec Reimagined

Infosec Reimagined 2026 is the premier information security summit where top leaders—CISOs, CROs, CIOs, CTOs and risk executives—converge to redefine cyber resilience.

📅 Fri, 26 Jun 2026

📍 New Delhi

Register Now →

EVENT

Digital Senate

Digital Senate is a premier conference uniting government leaders, technologists and innovators to share ideas, success stories and strategies on digital governance, public sector transformation, cybersecurity and emerging technologies in India.

📅 Thu, 30 Jul 2026

📍 New Delhi

Register Now →

EVENT

CIO Prism

CIO Prism unites forward-thinking technology leaders to exchange transformative insights, shape digital strategies, and foster innovation, empowering enterprises to excel in an era of rapid technological change.

📅 Fri, 18 Sep 2026

📍 Goa

Register Now →

›

To raise awareness about the threat, Herold has created an infographic titled “6 Places Crooks Steal (Then Ransom) Your Data.” “Where there’s an Internet connection, there’s a datanapper,” states the infographic, which walks through the ransomware threat posed by the dark web and the IoT, as well as in homes, workplaces, stores and even doctor’s offices. “Datanappers love the way we live, always connected and happily over-sharing. While you shop, get a check-up, use smart cars, work or stream movies on the couch, the bad guys are right there watching, waiting for you to drop your data, or use lack of security controls to simply walk right in and take your data.”

Herold recommends individuals and business leaders devote 30 minutes during the week of Data Privacy Day to upping their ransomware protections. Here are three simple steps to take in observance of International Data Privacy Day:

Also Read: BYOD, BYOA exposing corporate networks to complex cybersecurity issues: Fortinet

Delete unused apps. Games, especially, are often fronts for data collection entities. Get rid of all you haven’t used lately.

Patch your systems. This should be set up to happen automatically. Double check you have all of your devices set to auto install security patches and updates.

Back up your files. If you use a cloud service, double up and use a physical device, too. Make sure it is not attached to your computer except when actually backing up.

Also Read: Malicious Facebook password stealing apps found on Google Play Store