Ransomware attackers have been developing 'industry standards' that they will use to determine a perfect target for their assaults.
KELA identified 48 comment threads on dark web forums in July 2021 in which users, alleged to be attackers, were trying to purchase network access. Approximately two-fifths of the threads were started by individuals associated with Ransomware-as-a-Service (RaaS) schemes, comprising operators, associates, and middlemen, according to the intelligence solutions provider. From those threads, KELA learned that ransomware attackers look for specific criteria when purchasing access.
These criteria include the following:
- Geography: Almost half (47%) of ransomware attackers identified the United States as the preferred location for their targets. Canada, Australia, and European countries were next on the list, with preferences of 37%, 37%, and 31%, respectively.
- Revenue: On aggregate, ransomware attackers expected their victims to make at least $100 million, while they occasionally indicated various ransom sums for different places. Attackers stated that they sought more than $5 million in compensation for victims in the United States, as well as at least $40 million in revenue from "third-world" countries.
- Disallowed Industries: Almost half (47%) of ransomware attackers indicated they were unwilling to pay for access to companies involved in health care and education. Slightly fewer (37%) declined to target the government sector, while over a quarter of ransomware perpetrators stated that they would not purchase access to non-profit organizations.
- Countries Excluded: Some attackers declined to target companies or government agencies in Russian-speaking countries. They appear to have chosen this on the assumption that if they did not target the region, local law enforcement would not bother them. Others ruled out targeting South America or third-world countries as a region. They reasoned that an attack there would not net them enough money.
This data is consistent with several of the ransomware attacks that made headlines earlier in 2021.
For instance, consider the attack on the Colonial Pipeline. As per Dun & Bradstreet, the Colonial Pipeline Company, headquartered in Port Arthur, Texas, earned $1.32 billion in revenue in 2020. The business doesn't operate in any of the prohibited industries listed above. Colonial, on the other hand, is a key infrastructure company in the United States. Because of attacks like this one, the FBI and other federal law enforcement agencies targeted the DarkSide RaaS gang just after the attack.
Another instance that met the same requirements was the Kaseya supply chain attack. The headquarters of the IT management software company is in Miami, Florida. Furthermore, Kaseya was valued at more than $2 billion by the end of 2019.
According to KELA, businesses and government institutions could defend themselves from such ransomware attacks in three ways. First, companies could train employees and the C-suite through security awareness training. This will educate them on how to protect their data and identify suspicious activity on their employer's networks. Second, they could use vulnerability management to monitor their systems for known flaws, and then address those flaws first. Finally, they could use an up-to-date asset inventory to monitor their devices and systems for unusual behavior.