The Rise of Ransomware-as-a-Service and Best Practices to Avoid Becoming a Victim

Ransomware attacks are on the rise, doubling in the last year alone. But why has ransomware emerged as the weapon of choice for bad actors? The answer comes down to time and money. 

Thanks to the proliferation of ransomware-as-a-service (RaaS), ransomware attacks are significantly cheaper to execute and require less skill than other forms of breaches. They are also highly profitable.

What is ransomware-as-a-service?

RaaS is a business model whereby malicious ransomware developers sell their malware as a license. As such, RaaS makes it easy for hackers to obtain the tools they need to perpetrate ransomware attacks – with little technical knowledge and fewer resources than other modes of cyberattack. A would-be RaaS customer simply logs onto a portal, selects their ransomware kit, and makes a payment in digital currency – transactions that are anonymous and almost impossible to track.

RaaS sellers offer many of the services that software-as-a-service (SaaS) businesses do, including SLAs, customer service, fee sharing agreements for ransom payments, and affiliate programs. RaaS “businesses” also run marketing campaigns to promote their software and provide online resources to help bad actors succeed.

Once procured, RaaS is used to target organizations directly, but bad actors also go after companies and government agencies via their digital supply chains. In 2021, for example, the ransomware attack against Kaseya, a provider of remote IT management and monitoring solutions, impacted the company, its customers, and organizations that outsource IT management to Kaseya. Hackers requested $70 million in payment.

RaaS is a big business. What can your organization do to avoid being a victim of ransomware-as-a-service? Let’s look at three best practices.

3 best practices to avoid becoming a victim of ransomware-as-a-service

1. Maintain a strong patching cadence

The best strategy to prevent RaaS attacks is to get back to basics. That means practicing security hygiene and ensuring strong, consistent security performance. It sounds logical, but the guidance is grounded in data.

For instance, when BitSight analyzed hundreds of ransomware events to estimate the relative probability that an organization will be a ransomware target, we found that organizations with a BitSight Security Rating lower than 600 (falling on the low end of the scale) are almost eight times as likely to experience ransomware activity as those with a rating of 750 or above.

Then, when we studied the same organizations’ patching cadence, it emerged that a delay in applying patches correlated with increased ransomware risk. In fact, organizations with a patching cadence grade of D or F were more than seven times as likely to experience a ransomware event as those with an A grade.
Clearly there is work to be done, but patch management at scale isn’t easy. As your organization’s digital footprint grows, identifying unpatched systems and scaling the resources needed to fix them is challenging. 

That’s where BitSight can help. BitSight for Security Performance Management continuously and automatically identifies unpatched systems – on-premises, in the cloud, and across business units and geographies. With these insights you can quickly prioritize exposed systems based on criticality and implement critical patches before the systems are infected with ransomware.

2. Identify and remediate misconfigured systems

Another significant weakness that RaaS attackers frequently exploit is poor configuration management, most notably misconfigured TLS/SSL.

BitSight analysis found that organizations with a C grade or lower in TLS/SSL configurations are nearly four times more likely to be ransomware victims.

Yet TLS/SSL certificate and configuration management is particularly challenging. A typical organization may have hundreds or thousands of TLS/SSL certificates identifying the internet-connected devices in its digital environment, so finding a single TLS/SSL misconfiguration is like finding a needle in a haystack. Many organizations lack a framework for discovering, cataloging, and managing TLS/SSL configurations. Instead, management is conducted on an ad hoc basis, usually at a departmental level.
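The cataloging step described above can be reduced to a policy check run over every scanned endpoint. The script below is an added example, not BitSight's code: it takes constructed scan records (protocol, cipher, certificate subject, issuer, SANs and expiry) and flags the classic misconfigurations (legacy protocol, weak cipher, expired or soon-expiring certificate, self-signed certificate, hostname mismatch). The policy floor of TLS 1.2 and the 30-day renewal window are assumptions.

```python
"""Flag common TLS misconfigurations across an inventory of scanned endpoints.
Added example, not BitSight's code; the records below are constructed scan output."""
from datetime import datetime, timedelta, timezone

PROTOCOL_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
MIN_PROTOCOL = "TLSv1.2"  # assumed policy floor
WEAK_CIPHER_MARKERS = ("RC4", "3DES", "DES-CBC", "NULL", "EXPORT", "MD5")
EXPIRY_WARN = timedelta(days=30)  # assumed renewal lead time

def name_matches(hostname, name):
    """Certificate name match; a leading '*.' covers exactly one label (RFC 6125)."""
    host, pat = hostname.lower().split("."), name.lower().split(".")
    if len(host) != len(pat):
        return False
    return host[1:] == pat[1:] if pat[0] == "*" else host == pat

def check_endpoint(rec, now):
    """Return the list of finding codes for one scan record (empty means clean)."""
    findings = []
    if PROTOCOL_ORDER.index(rec["protocol"]) < PROTOCOL_ORDER.index(MIN_PROTOCOL):
        findings.append("legacy-protocol")
    if any(m in rec["cipher"].upper() for m in WEAK_CIPHER_MARKERS):
        findings.append("weak-cipher")
    if rec["not_after"] <= now:
        findings.append("expired")
    elif rec["not_after"] - now < EXPIRY_WARN:
        findings.append("expiring-soon")
    if rec["issuer"] == rec["subject"]:  # no CA in the chain: self-signed
        findings.append("self-signed")
    if not any(name_matches(rec["host"], n) for n in rec["sans"]):
        findings.append("hostname-mismatch")
    return findings

def catalog(records, now):
    """Map every host to its findings so clean hosts stay in the inventory too."""
    return {r["host"]: check_endpoint(r, now) for r in records}

NOW = datetime(2022, 3, 1, tzinfo=timezone.utc)  # fixed clock for reproducible output
SCAN = [  # constructed sample records, not real hosts
    {"host": "www.example.test", "protocol": "TLSv1.3", "cipher": "TLS_AES_256_GCM_SHA384", "subject": "CN=www",
     "issuer": "CN=Example CA", "sans": ["www.example.test", "example.test"], "not_after": NOW + timedelta(days=300)},
    {"host": "legacy.example.test", "protocol": "TLSv1", "cipher": "RC4-SHA", "subject": "CN=legacy",
     "issuer": "CN=legacy", "sans": ["*.corp.example.test"], "not_after": NOW - timedelta(days=10)},
    {"host": "api.example.test", "protocol": "TLSv1.2", "cipher": "ECDHE-RSA-AES128-GCM-SHA256", "subject": "CN=*",
     "issuer": "CN=Example CA", "sans": ["*.example.test"], "not_after": NOW + timedelta(days=12)},
]

if __name__ == "__main__":
    for host, findings in catalog(SCAN, NOW).items():
        print(f"{host:22} {', '.join(findings) or 'ok'}")
```

Feeding real scanner output into `catalog` turns the ad hoc, departmental view the paragraph describes into one list that can be sorted by finding and owner.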

However, with BitSight for Security Performance Management you can continuously and automatically scan for misconfigured TLS/SSL certificates (among other emerging vulnerabilities) and easily pinpoint where risk lies hidden in your organization’s expansive IT infrastructure.

3. Maintain a continuous view of your vendors’ security postures

Understanding your vendors’ security postures is essential to mitigating third-party risk. But vendor evaluation tools like security questionnaires and assessments happen infrequently and only capture a point-in-time view of risk.

With BitSight for Third-Party Risk Management you can continuously monitor the current and historical security performance of your vendors and easily uncover which companies have a less-than-stellar patching cadence or exhibit indicators of misconfigured systems. With these insights you can identify potentially risky vendors before onboarding and make data-driven, risk-based decisions about whether to enter into a relationship.

BitSight also helps you keep tabs on your vendors’ security postures once the contract is signed. If a vendor’s security posture changes, you’ll receive near real-time alerts and actionable information about the fixes required to close security gaps. You can even share BitSight’s findings with your vendors so that risk mitigation becomes a collaborative process.

BitSight’s solution also integrates with leading vendor risk management platforms like ServiceNow, ProcessUnity, and ThirdPartyTrust so you can efficiently identify and manage ransomware risk in networks of current and potential vendors – all within your current workflows.