"Researchers Pinpoint Ransomware Gangs' Ideal Enterprise Victims"

Researchers with the threat intelligence company KELA analyzed 48 active threads on dark web marketplaces. These threads were made by threat actors seeking to purchase access to organizations' systems, assets, and networks. At least 40 percent of the postings were found to have been made by active participants in the ransomware-as-a-service (RaaS) supply chain as operators, affiliates, or middlemen. The threads provided insight into how these threat actors choose who they want to target next. Based on the threads, companies in developed countries such as the U.S., Canada, Australia, and European countries are preferred targets over organizations that are formal or informal members of the Commonwealth of Independent States (CIS). Threat actors most likely avoid these organizations because they are based in some of those countries and want to avoid local law enforcement. The average minimum revenue sought by ransomware attackers is 100 million USD. Some of the threat actors stated that the desired revenue depends on the location. Regarding the preferred types of organizations to target, in 47 percent of the postings, the attackers said they do not want to buy access to healthcare organizations. The same percentage of access requests emphasized the need to avoid companies in education. Government companies and non-profits were mentioned as unwanted targets in 36 percent and 26 percent of the postings. Citrix, Palo Alto Networks, VMware, Fortinet, and Cisco were mentioned the most when it came to products for enabling network access. This article continues to discuss key findings from the analysis of threads on underground marketplaces regarding the most preferred ransomware victims and types of network accesses. 

Help Net Security reports "Researchers Pinpoint Ransomware Gangs' Ideal Enterprise Victims"