Ransomware attackers are creating ‘industry standards’ and using them to define an ideal target for their campaigns.

The Ideal Target: Location, Revenue and Other Criteria

In July 2021, KELA discovered 48 discussion threads on dark web marketplaces. There, users claimed to be digital attackers looking to buy access to networks. The intelligence solutions provider found that actors connected with Ransomware-as-a-Service (RaaS) schemes, including operators, affiliates and middlemen, had created nearly two-fifths of the threads. From those discussion threads, KELA determined that ransomware actors apply certain criteria when purchasing access.

These factors include the following:

  • Geography: Nearly half (47%) of the ransomware actors mentioned the United States as the desired location of their victims. Next on the list were Canada, Australia and European countries at 37%, 37% and 31%, respectively.
  • Revenue: On average, ransomware attackers wanted their victims to be making a minimum of $100 million, though they sometimes specified different ransom amounts for different locations. Attackers said they wanted over $5 million for U.S. victims, for instance, while they specified a desired revenue of at least $40 million from “the third world” countries.
  • Disallowed Sectors: Almost half (47%) of ransomware attackers said that they were unwilling to purchase access to companies involved in health care and schooling. Slightly fewer (37%) turned down targeting the government sector, whereas about a quarter of ransomware actors asserted that they wouldn’t purchase access to nonprofit groups.
  • Disallowed Countries: Some attackers refused to target businesses or agencies located in Russian-speaking countries. They seem to have chosen this under the logic that local law enforcement there wouldn’t bother them if they didn’t attack the region. Others ruled out targeting South America as a region, as well as third-world countries. They believed they wouldn’t gain enough money from an attack there.

How These Criteria Stack up to Recent Ransomware Attacks

The findings discussed above are consistent with some of the ransomware attacks that made headlines earlier in 2021. Take the Colonial Pipeline attack as an example. With its headquarters based in Port Arthur, Texas, the Colonial Pipeline Company made $1.32 billion in revenue in 2020, according to Dun & Bradstreet. The company does not operate in one of the disallowed sectors discussed above. Instead, Colonial is a major critical infrastructure business in the United States. Attacks like this one are why the FBI and other federal law enforcement agencies targeted the DarkSide RaaS gang after the incident.

The Kaseya supply chain attack was another incident that matched the above criteria. The IT management software company maintains its headquarters in Miami, Florida. In addition, at the end of 2019, Kaseya’s value exceeded $2 billion.

How to Defend Against Ransomware

KELA explained that businesses and agencies can defend themselves against ransomware attackers in three ways. First, they can use security awareness training to educate employees and the C-suite. This will teach them how to safeguard their data and how to help spot suspicious behavior in their employer’s systems. Second, they can use vulnerability management to monitor their systems for known weaknesses. From there, they can fix those flaws first. Lastly, they can use an updated asset inventory to monitor their devices and systems for suspicious behavior.
