"Ransomware Attackers Have 'Industry Standards' Too"

The actors behind ransomware attacks are creating industry standards to define ideal targets for their malicious campaigns. In July 2021, researchers with the threat intelligence company KELA found 48 discussion threads on dark web marketplaces in which there were users claiming to be digital attackers looking to purchase access into networks. Actors were found to be active participants in the Ransomware-as-a-Service (RaaS) supply chain, consisting of operators, affiliates, and middlemen. Based on those discussion threads, it was determined that ransomware actors seek specific criteria when looking to buy network accesses. According to KELA, these factors include geography, revenue, disallowed sectors, and disallowed countries. For example, nearly 50 percent of the ransomware actors mentioned the US as their preferred location for targets, followed by Canada, Australia, and European countries. In regard to revenue, ransomware attackers preferred victims that make a minimum of $100 million, on average. These findings are consistent with some of the ransomware attacks that have occurred in 2021, such as the attack against the US-based Colonial Pipeline Company, which made $1.32 billion in revenue in 2020. This article continues to discuss findings on the creation of industry standards by ransomware attackers based on KELA's analysis of discussion threads on dark web marketplaces, as well as how businesses can defend against ransomware. 

Security Intelligence reports "Ransomware Attackers Have 'Industry Standards' Too"