Join Transform 2021 this July 12-16. Register for the AI event of the year.

A new assessment service from cybersecurity ratings provider Black Kite will let enterprise defenders know which of their third-party partners and vendors could be vulnerable to a ransomware attack.

Ransomware was the scourge of information security in 2020, as the malware brought all kinds of organizations — financial services, health care facilities, educational systems, municipalities, and enterprises — to a screeching halt. Ransoms are getting larger and tactics have evolved as attackers shift away from just encrypting data to actually stealing the data.

The Ransomware Susceptibility Index analyzes technical data from open source intelligence sources to calculate the probability that a company will suffer a ransomware attack within 12 months, Bob Maley, Black Kite’s chief security officer, told VentureBeat. The Index developed a machine learning model that considers 26 controls to calculate a score between 0 and 1. The higher value means the company has a greater likelihood of being hit by a successful ransomware attack.

The goal is to give enterprises reliable data about their ransomware risk so they can make informed decisions about how they work with third-party partners, Maley said.

Third-party risk assessment

Many ransomware attacks now target third-party suppliers and partners instead of going straight for a single company. This is in part because the partners may have weaker security defenses. They may be behind on security updates or their employees may be more likely to fall for phishing schemes. Another reason is that attacking a supplier would net the gang more victims because a supply chain attack would affect all of the supplier’s customers.

In August 2019, 22 towns in Texas were hit by a ransomware attack when the gang targeted the managed service provider used by the towns. When cloud services provider Blackbaud was hit by ransomware, dozens of its customers had to disclose the breach.

Enterprises have to look beyond their own environment when assessing their ransomware risk, Maley said. If the third-party providers are hit, the malware may be able to cascade into their networks. Or the gang will steal data from the provider that actually belongs to the client organizations. Enterprise defenders can use the Index to gauge the risks of a ransomware attack for each of their partners.

The Index isn’t just a score. It also displays a detailed report showing which of the 26 controls were missing. If a partner has a high score, the security team can call the partner and demand the issues be fixed, Maley said.

Verifying the math

Black Kite’s team of researchers needed a way to check the Index’s accuracy, so they turned to the dark web. Many ransomware gangs now sell the stolen data on criminal marketplaces if the victim doesn’t pay the ransom. The team looked for data dumps that were the result of ransomware attacks and checked the Index to see the victim organization’s score.

Just two weeks ago, notorious ransomware gang REvil said it had stolen schematics of unreleased Apple products from an Apple supplier. The group demanded $50 million from Apple or said it would sell the data to the highest bidder. The RSI score for that Apple supplier was 0.729, Maley said.

A prominent health care provider whose data was put up for sale after a ransomware attack (which has not been publicly discussed at this time) had an RSI score of 0.928, Maley said.

Black Kite was able to validate the Index’s accuracy by checking multiple victims across different industries, Maley said.

Attacker perspectives

Many defenders are beginning to feel there is no way to avoid an attack so the focus should be on making sure recovery is possible, Maley said. But while recovery planning is important, defenders shouldn’t give up trying to block the attack.

Attackers research their targets before launching attacks. This research includes identifying potential phishing victims, searching for user credentials, scanning for unpatched vulnerabilities and outdated software, uncovering fraudulent domains, and looking for exposed ports. With this information in hand, the attackers craft a campaign to get a foothold onto the network in order to deploy the ransomware. RSI relies on the same data sources to calculate ransomware risk.

“You can either be fatalistic or you can look at what the attackers look at,” Maley said.


VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member


By admin

29 thoughts on “Third-party ransomware risk is real, but Black Kite’s latest tool can help”
  1. Admiring the persistence you put into your blog and in depth information you present. It’s great to come across a blog every once in a while that isn’t the same unwanted rehashed information. Great read! I’ve saved your site and I’m adding your RSS feeds to my Google account.

  2. You really make it seem really easy together with your presentation but I find this topic to be really one thing which I feel I’d never understand. It seems too complex and very vast for me. I am having a look forward to your subsequent publish, I will try to get the grasp of it!

  3. Hi, Neat post. There is a problem with your website in internet explorer, would test this… IE still is the market leader and a good portion of people will miss your excellent writing due to this problem.

  4. Hey! I know this is somewhat off topic but I was wondering which blog platform are you using for this website? I’m getting fed up of WordPress because I’ve had issues with hackers and I’m looking at alternatives for another platform. I would be awesome if you could point me in the direction of a good platform.

  5. Hmm is anyone else experiencing problems with the images on this blog loading? I’m trying to determine if its a problem on my end or if it’s the blog. Any responses would be greatly appreciated.

  6. Hi there, You’ve done an incredible job. I’ll certainly digg it and personally recommend to my friends. I am sure they’ll be benefited from this web site.

  7. I’m not sure exactly why but this blog is loading incredibly slow for me. Is anyone else having this problem or is it a problem on my end? I’ll check back later and see if the problem still exists.

  8. I will right away clutch your rss as I can’t in finding your e-mail subscription hyperlink or e-newsletter service. Do you have any? Kindly let me know so that I may subscribe. Thanks.

Comments are closed.