In May, a debilitating ransomware attack crippled the U.S. oil production company Colonial Pipeline. The attack paralyzed their operations and forced the company to shut down its 5,500-mile pipeline. As a result, half of the gasoline supply normally distributed to the East Coast couldn’t be delivered. The attack caused panic as people scrambled to find gasoline, resulting in a rise in gas prices throughout the United States. The attackers were DarkSide, a Russian criminal group. Colonial Pipeline ultimately paid a reported $5 million ransom in bitcoin to DarkSide in return for a decryption key. (Some of that ransom was eventually recovered by the U.S. Department of Justice.) The gasoline shortage remained for three weeks even after the ransom was paid. In addition to performing its own attacks, DarkSide operates as a ransomware-as-a-service (RaaS) gang, leasing its malware to others for a cut of the profits from any successful attack. This has opened the door for an exponential increase in attacks. Just what is ransomware-as-a-service, and why has this threat grown so much recently. We’re going to give readers an overview of how ransomware-as-a-service works — and why it’s become such a threat.