Technology Unwrapped

The most important technology concepts, strategies and actions uncovered for your business.

The Difference Between RaaS, Ransomware 2.0, 3.0, and 4.0

Ransomware has maintained the boogeyman title of cyber security for nearly three decades, growing steadily as its targets expanded from individuals to corporations to government facilities and education. Since its creation, hackers have made ransomware attacks on a database more sophisticated, creating multiple versions to fit whatever objective they try to achieve.

One of the most powerful ways to prevent a ransomware attack is to spread awareness and educate. So, we are taking a deep dive into ransomware’s evolution, how ransomware’s updated features impact users, and what you can do in the fight against ransomware attacks.

What is Ransomware?

Simply put, ransomware is malware that encrypts sensitive information before stealing it, then holds it hostage until you make the ransom payment.


Ransomware made its first entrance as a floppy disk sent to the WHO AIDS conference in 1989. Subscribers to the conference were asked to pay a monthly or lifetime fee to decrypt their information, not knowing the access key was in the code.

As technology has evolved, so has ransomware. It transformed into blockers, a self-explanatory kind of malware that blocked users out of their computing systems. Users worked around the issue by logging in under a different profile, so hackers devised new methods that users couldn’t work around.

The 2010s became a technological milestone as digital manufacturers such as Apple and Microsoft made their products more sophisticated. Corporations began integrating technology into their workflows, and hackers realized the potential payday that came with targeting an entire business instead of an individual.


When the pandemic hit in 2020, hackers used ransomware as the ultimate weapon, targeting employees as more businesses allowed their staff to work remotely. Acting as their manager or human resources representative, hackers employed a spear phishing approach. They contacted the potential victim via email and encouraged them, with various tactics, to download a file with hidden ransomware, which, without the victim knowing, would give the hacker direct access to the company network. Once clicked, the file launched an encryption program that spread through the entire system, kicking out all users, including admin managers.

Eventually, the business would realize its system was hacked and contact the proper authorities, including IT support and the FBI. The hacker would send a ransom note, asking for a specific price in exchange for the business system, files, or data. The cost a hacker asked for varied by business, leaving a dent in the company’s wallet and reputation. In 2021 alone, 60% of small businesses closed within six months after the attack, and the other companies struggled to regain footing over time.

As technology continues branching into professional communications and customer service, ransomware also expands its tactics by creating different types of customized attacks. Some types of ransomware are known as Ransomware as a Service, Ransomware 2.0, Ransomware 3.0, and the incoming Ransomware 4.0. The ransomware toolbox has grown, letting hackers choose their method of attack against their target.

Types of Ransomware

Ransomware as a Service (RaaS)

Ransomware as a Service acts as a subscription service, supplying subscribers with ransomware tools after paying the subscription fee. The subscription plans, called RaaS kits, are used to enter the targeted system, encrypt the files, and demand ransom. They enable anyone to become a cybercriminal, incentivizing the reward of quick money without much time or skill. Once the hacker is successful, they can join different RaaS groups to harness their newfound craft.

Some of the largest platforms have risen out of RaaS, including:

  • DarkSide
  • REvil
  • LockBit
  • Dharma

While law enforcement has been able to shut down the servers and Bitcoin networks that RaaS groups operate from, the groups can disband and regroup into new RaaS teams to cultivate another strike.

Ransomware 2.0

As a result of the pandemic in 2020, Ransomware 2.0 brought a hybrid approach by stealing data before encrypting it, whereas before, it was the other way around. Ransomware 2.0 gave the attacker extra leverage to blackmail the company, known as “extortionware.” Hackers used the tactic if the business refused to pay the ransom. By threatening a public release of the victim's data, hackers forced the organization to pay to avoid a reputational hit and to keep its competitors from receiving priceless information.

Hackers used Ransomware 2.0 to:

  • Steal company data
  • Steal business, employee, personal, and customer credentials
  • Threaten the company’s employees and customers
  • Spear phish partners and customers with the stolen data
  • Publicly shame the victim by revealing information (even in small amounts)

With the improved approach, most hackers increased their ransom price to $8,100 in 2020, but Maze increased the average payout to nearly $2.5 million. Ransomware 2.0 has also allowed hackers access to entire networks instead of one machine with limited information. Over time, hackers have become more intentional with whom they attack by spear-phishing companies in the healthcare and government industries.

Ransomware 3.0

Unfortunately, Ransomware 2.0 is just the beginning. Using Ransomware 2.0 as the foundation, Ransomware 3.0 lifts off as a tool for specific hacking activities, such as:

  • Selling exfiltrated data, stolen credentials, or initial access
  • Stealing money from business accounts
  • Personal extortion of employees, partners, and customers
  • Business email compromise scams or spam emails
  • And much, much more

Over time, hackers recognized the power they held by gaining unhindered access to the victim’s digital resources. They could manipulate, extort, or deceive any person attached to that business if they could get ahold of their credentials.

On a larger scale, ransomware gangs, or online groups of people who infiltrate company systems, have evolved their strike method by starting with one attack and moving on to another. By continuing what’s known as their “chained objectives,” ransomware gangs can diversify their attacks and victims simultaneously, potentially increasing their success rate and cash haul.

Incoming Ransomware 4.0

Ransomware 4.0 is in development, but it’s coming fast. As technology continues to develop, so do the in-house processes, including automation. Businesses use automation to streamline efficiency by exchanging data so that all departments have the most updated information about a client, prospect, or project.

Bad actors take advantage of targets by gaining initial access, such as a compromised password, and then install themselves as a back door to the system. They bide their time by hiding in plain sight, collecting more credentials, planting hidden malware in other system areas, or simply waiting for further instructions. Eventually, they can exfiltrate data or kick off encryption routines, acting as a leech to the company’s system.

Experts predict hackers will come up with automated hacking systems, so they’re more hands-off with the process while still making a profit.

Is there any hope for my SMB as Ransomware evolves?

With all this in mind, the future of cyber security may seem pretty bleak. But the growing cyber threats against local and large businesses have not gone unnoticed. More than $15 billion has been allocated to federal departments to investigate and prevent cyber-attacks nationwide. In May of 2021, President Joe Biden issued an executive order to adopt higher cyber security standards for government agencies. Silicon Valley tech companies like Apple and Google have also updated their privacy policies for data tracking and email to keep their users’ information safe.

Your organization can act to prevent ransomware by:

  • Developing the human firewall within your business. Train and update your staff on ransomware, phishing, and other cybersecurity threats by showing them what to look for and the proper procedures to follow in case of an attack.
  • If your business allows employees to work remotely, monitor data access and ensure they work with a secure WiFi connection or VPN tunnel.
  • Be sure to put the security tools in place to protect their laptops.

In other words, the fight isn’t over. Ransomware may continue to evolve, but spreading awareness will allow users to be more vigilant about what shows up in their inboxes or systems.

For small businesses, we understand the lack of time and resources to put together the tools to educate your staff correctly. CoreTech partnered with ID Agent to create our eBook, “Ransomware Exposed,” a book that informs your team while easily integrating healthy security habits into their workday. Click on the link to find out more, and contact us if you have any questions.

Ransomware Exposed: Is your business at risk? Download our eBook!
