Researchers have examined what the ideal victim is for today’s ransomware organizations.
A report has been published on underground listings made by ransomware operators, including access requests (the means to acquire a first footing into a target system). It indicates that many seek to purchase a way into US firms with a minimum revenue of more than $100 million.
Initial access is becoming a significant deal
Ransomware groups such as BlackMatter and LockBit may eliminate part of the effort needed in a cyberattack by acquiring access, perhaps through functioning credentials or knowledge of a corporate system weakness.
When you consider that a successful ransomware campaign may result in millions of dollars in payments, this expense is not significant. It can mean that hackers have more time to hit additional targets.
The cybersecurity firm’s findings are based on observations made on dark web forums in July 2021. They indicate that cyber attackers are looking for big US businesses, but Canadian, Australian, and European targets are also being hit.
Russian targets are often rejected instantly, while others are deemed unwanted, particularly those in poor nations, most likely because of low potential rewards.
Regardless of jurisdiction, around half of ransomware operators will refuse requests for access into companies in the healthcare and education sectors. In other instances, government and non-profit organizations are also excluded.
There are also recommended methods of access
Remote Desktop Protocol (RDP) and Virtual Private Network (VPN)-based access are becoming increasingly common, including access to products produced by Citrix, VMware, Palo Alto Networks, Cisco, and Fortinet, to name a few.
As for the degree of privileges, several attackers said that they prefer domain admin access. However, this does not appear to be essential, according to the study.
There are also offers for unprotected databases, e-commerce panels and Microsoft Exchange servers. These may be more enticing to data thieves and criminals seeking to install malware and bitcoin miners.
All of these forms of access are undeniably harmful and can enable threat actors to conduct a variety of destructive acts, the researchers said. However, they seldom offer access to a business network.
Ransomware operators are prepared to pay up to $100,000 on average for crucial early access services.
RaaS operators are attempting to better monetize the stage of an attack when a victim contacts ransomware operators to negotiate a payment. However, because language barriers can cause miscommunication, ransomware groups are trying to secure new team members who can speak conversational English.
Hackers engaging in Business Email Compromise (BEC) crimes are also attempting to attract native English speakers.
Because phishing email red flags include bad grammar and spelling, scammers are attempting to evade detection at the outset. They do this by hiring English speakers to produce convincing text.