What is Ransomware-as-a-Service (RaaS)?

In this post we briefly explore the emerging threat of Ransomware-as-a-Service (RaaS) and suggest how you can protect your organisation.

As reports of ransomware attacks on vulnerable IT networks continue to rise, it seems as though cybercriminals are working harder than ever before. In 2020 alone, companies across the UK reported 5.9 million new ransomware attacks, costing the economy an average of £346 million per year as a result.

Considering how rapidly the ransomware threat landscape is evolving, it makes sense that cybercriminals have now begun branching out their services to a wider criminal audience: we call this Ransomware-as-a-Service.

What is Ransomware as a Service (RaaS)?

While ransomware attacks are traditionally complex in nature, Ransomware-as-a-Service (RaaS) is an emerging business model that allows hackers to sell their services on-demand to a new generation of “not-so-cybercriminals” – often for a worryingly small fee.

By purchasing these services, usually via the dark web, criminals with limited or no technical experience can launch malicious attacks on their victims by proxy, reaping all the financial and competitive advantages they offer without having to learn any of the necessary skills involved.

According to a recent cybersecurity study, almost two-thirds of ransomware attacks in 2020 were launched using Ransomware-as-a-Service, proving just how big of a role this new business model is playing in fuelling the surging ransomware economy. 

How can you prevent a ransomware attack?

When it comes to preventing a ransomware attack, proactive protection always trumps a reactive response. Considering this, here are some key steps you can follow to keep your data safe: 

Educate your workforce 

Seeing as people are often the biggest weakness when it comes to ransomware attacks, educating every employee on the risks involved is essential. To do this, try to run regular training exercises using common cyber threat examples for guidance, and explain what best security practices they can adopt to keep their data safe.

Modernise vulnerable legacy IT

Old, outdated technologies are another common weakness that attackers will target. As well as keeping all legacy systems regularly patched and updated, you should also invest in a modern, agile digital Identity and Access Management platform that can stop ransomware attacks at their source.

Implement strong Multi-factor Authentication

Weak or stolen credentials (passwords) are one of the main causes of cyber attacks. By leveraging Multi-factor Authentication, IT teams can minimise the risk of security breaches through phishing and password spraying by verifying every user with a series of separate Identity processes such as biometrics or SMS codes.   

Restrict user access and implement Zero Trust

As the knock-on effects of the COVID-19 pandemic continue to push organisations and their workforce beyond the traditional IT perimeter, the holes left behind in their security, as a result, have become a primary target for ransomware attacks. By adopting a strict Zero Trust security architecture that assumes risk in every user, device, network, and location unless verified by Identity, Zero Trust can stop ransomware attacks at their source.

How Okta can help mitigate ransomware attacks

At Okta, we specialise in helping organisations across the globe secure digital trust and protect their data, workforce, partners, and customers from harm. Here are some examples of the benefits we offer:

Okta is a fundamental enabler of zero trust

By placing Identity at the heart of your Zero Trust architecture, Okta’s IAM solutions provide a single view of Identity across all applications, vendors, devices, users, roles, and networks. This enables context-aware, risk-based authentication across the entire network, accelerating Zero Trust adoption at scale.


Ransomware-as-a-Service is definitely a cause for concern, but there are immediate actions you can take to protect your organisation. If you’d like more information, read our ebook: Ransomware Prevention: 5 Things IT Leaders Need to Know 

If you would like to know more about how Okta can help strengthen your organisation’s ransomware defence strategy, please reach out to one of our specialists or download your copy of Okta’s Ransomware Checklist here.