The Rise of Ransomware-as-a-Service and Best Practices to Avoid Becoming a Victim

Ransomware attacks are on the rise, doubling in the last year alone. But why has ransomware emerged as the weapon of choice for bad actors? The answer comes down to time and money. 

Thanks to the proliferation of ransomware-as-a-service (RaaS), ransomware attacks are significantly cheaper to execute and require less skill than other forms of breaches. They are also highly profitable.

What is ransomware-as-a-service?

RaaS is a business model whereby ransomware developers license their malware to others. As such, RaaS makes it easy for hackers to obtain the tools they need to perpetrate ransomware attacks – with little technical knowledge and fewer resources than other modes of cyberattack require. A would-be RaaS customer simply logs onto a portal, selects a ransomware kit, and makes a payment in digital currency – transactions that are anonymous and almost impossible to track.

RaaS sellers offer many of the services that software-as-a-service (SaaS) businesses do, including SLAs, customer service, fee sharing agreements for ransom payments, and affiliate programs. RaaS “businesses” also run marketing campaigns to promote their software and provide online resources to help bad actors succeed.

Once procured, RaaS is used to target organizations directly, but bad actors also go after companies and government agencies via their digital supply chains. In 2021, for example, the ransomware attack against Kaseya, a provider of remote IT management and monitoring solutions, impacted the company, its customers, and the organizations that outsource IT management to Kaseya's customers. Hackers requested $70 million in payment.

RaaS is a big business. What can your organization do to avoid being a victim of ransomware-as-a-service? Let’s look at three best practices.

3 best practices to avoid becoming a victim of ransomware-as-a-service

1. Maintain a strong patching cadence

The best strategy to prevent RaaS attacks is to get back to basics. That means practicing security hygiene and ensuring strong, consistent security performance. It sounds logical, but the guidance is grounded in data.

For instance, when BitSight analyzed hundreds of ransomware events to estimate the relative probability that an organization will be a ransomware target, we found that organizations with a BitSight Security Rating lower than 600 (falling on the low end of the scale) are almost eight times as likely to experience ransomware activity as those with a rating of 750 or above.

Then, when we studied the same organizations’ patching cadence, it emerged that delays in applying patches correlated with increased ransomware risk. In fact, organizations with a patching cadence grade of D or F were more than seven times as likely to experience a ransomware event as those with an A grade.

3. Maintain a continuous view of your vendors’ security postures

Understanding your vendors’ security postures is essential to mitigating third-party risk. But vendor evaluation tools like security risk questionnaires and cybersecurity assessments are used infrequently and capture only a point-in-time view of risk.

With BitSight for Third-Party Risk Management you can continuously monitor the current and historical security performance of your vendors and easily uncover which companies have a less-than-stellar patching cadence or exhibit indicators of misconfigured systems. With these insights, you can identify potentially risky vendors before onboarding and make data-driven, risk-based decisions about whether to enter into a relationship.

BitSight also helps you keep tabs on your vendors’ security postures once the contract is signed. If a vendor’s security posture changes, you’ll receive near-real-time alerts and actionable information about the fixes required to close security gaps. You can even share BitSight’s findings with your vendors so that risk mitigation becomes a collaborative process.

BitSight’s solution also integrates with leading vendor risk management platforms like ServiceNow, ProcessUnity, and ThirdPartyTrust so you can efficiently identify and manage ransomware risk in networks of current and potential vendors – all within your current workflows.