Ransomware Hits and Initial Access Listings Grow
The cybercrime economy is alive and well, if counts of known ransomware victims and initial access sales are good gauges of its health.
See Also: Webinar | The Evolution of Network Architecture: What You Don’t Know Can Hurt You
Compared to the first quarter of 2022, the first three months of this year featured a 30% increase in known ransomware victims, totaling 900 organizations, threat intelligence firm Kela reported.
What gets counted: victims who come to light publicly – for example, via ransomware groups’ data leak sites or when a victim issues a public alert. How many victims pay a ransom to avoid being “named and shamed” and publicly outed by attackers is unclear. Also, not all groups run data leak sites. Even when they do, not every nonpaying victim gets listed, for reasons only clear to the extortionists themselves.
Common sources of access to victims’ networks remain dedicated stolen-credential marketplaces and initial access brokers. Both continue to be cornerstones of the cybercrime economy.
Kela counted during the first quarter more than 600 initial access listings for victims. Not all such listings can be tracked, since some vendors don’t advertise what they have for sale on cybercrime forums, but only share them privately. Some brokers also have exclusive arrangements or give right of first refusal to business partners, such as ransomware groups.
A purported member of the Royal ransomware group, using the handle “Baddie,” has been advertising for brokers who can offer network access to victims that have $20 million or more in revenue, Kela reported (see: Fake Data Theft Proof Leads to Royal Ransomware Outbreak).
Compared to the first quarter of 2022, the number of listings increased by 15%, while the average price of an…