Ransomware groups are proliferating and they are moving fast. Now, researchers at KELA have found out what makes a target perfect for these ransomware actors.

Making up the perfect target

More cybercriminals now aim at large U.S. companies, but Canadian, Australian, and European targets are also on their list.
  • Most of them seek to buy initial access to U.S. organizations with a revenue of $100 million or above.
  • All kinds of network access are welcome, with special emphasis on VPN and RDP exploits developed by Palo Alto Networks, Citrix, Cisco, VMware, and Fortinet.
  • The highest price for network access can go up to $100,000, with the average price being $56,250.
  • While offers against Russian targets are rejected immediately, hackers are also less interested in targets in developing countries, mostly because of lower payouts.

Why this matters

A successful campaign can make attackers profit worth millions. Buying access to large organizations frees up their time to attack more targets. All types of access can prove to be catastrophic and can allow threat actors to conduct malicious actions. 

Some stats your way

  • Around 40% of listings were posted by actors in the RaaS business
  • While 32% of ransomware actors are willing to pay a part of the ransom, initial access brokers can earn 10% of the ransom. 
  • Some sector access has been blocklisted, such as 47.37% of actors don’t want access to education and healthcare sectors. Around 36% refused to buy access to the government sector and 26.32% refused to attack non-profits.

The bottom line

KELA has published recommendations for mitigation in case of a ransomware attack. It must be noted that access to corporates in the hands of cybercriminals cannot only lead to data theft and deployment of ransomware, but also other nefarious activities. It is advised to invest in cybersecurity measures to stay clear of burgeoning ransomware threats.

Cyware Publisher