Cybersecurity firm KELA posted a report based on recent observations of ransomware discussions in dark web forums on what ransomware groups/actors are looking for in the ideal target. According to the report, approximately 40% of listings were created by players in the Ransomware-as-a-Service (RaaS) space. Here’s the quick list of desirables that some ransomware operators are willing to pay on average up to $100,000 for valuable initial access services:
- Victims. Threat actors are seeking large US firms, but Canadian, Australian, and European targets are also considered – although, interestingly, there is at least talk among roughly half of the ransomware operators who will reject offers for access into organizations in the healthcare and education sector, no matter the country. In some cases, government entities and non-profits are also off the table.
- Initial Access Method. Remote Desktop Protocol (RDP), Virtual Private Network (VPN)-based access prove popular. Specifically, access to products developed by companies including Citrix, Palo Alto Networks, VMWare, Cisco, and Fortinet.
- Privileges. Some attackers prefer domain admin rights, but it does not seem to be critical
For more details, visit ZDNet.