Several automated ransomware variants offered something akin to RaaS as far back as 2016, including Stampado, Goliath, and even Locky. The proposition behind the RaaS model is fairly attractive: Inexperienced cybercriminals, or cybercriminals with experience in other areas, can quickly jump into ransomware using established code created by someone who knows what they’re doing. RaaS significantly lowers the barrier of entry for ransomware. RaaS is discussed in greater detail on "
The Importance of Cryptocurrency, RaaS, and the Extortion Ecosystem" page.
GandCrab included a back-end portal that affiliates (how they referred to their RaaS customers) could use to follow the status of an attack. GandCrab would even handle payments and then issue a payout to the affiliates (minus a cut, of course).