Report: these businesses are a perfect ransomware target

While certain businesses get bombarded with cyber attacks, others enjoy worry-free operations with little to no concerns about threat actors. But what makes a certain company stand out as a perfect ransomware target? Surprisingly, it’s not necessarily the size of its revenue alone.

A new report by Kela, which specializes in actionable threat intelligence, reveals how threat actors post listings seeking to purchase network access that they can use to deploy malware and obtain sensitive data.

By looking at 48 active threads, Kela identified the products most in demand as a means of network access as those from Citrix, Palo Alto Networks, VMware, Fortinet, and Cisco.

The payment for access to the preferred businesses varies from a mere 100$ to as much as 100,00$, with a third of actors being ready to pay a share of a ransom in case of a successful operation. Why does the price vary so much? It depends on a number of factors that cyber criminals use to determine whether a business makes for an ideal victim.

A perfect target recipe

Location proved to be the main requirement for determining suitable targets. In their advertisements, threat actors most often mentioned the USA (47.37%), followed by Canada (36.84%), Australia (36.84%), and European countries (31.58%). Most of the recruiters were interested in more than one location. According to Kela, the reason is rather obvious: the wealthier the country is, the more likely it is to host wealthy companies.

Similarly, certain locations were blacklisted. These include the Commonwealth of Independent States, South Africa, and certain third-world countries. As such, Russian-speaking threat actors are cautioned against targeting the locations they live in, as well as places with few financial opportunities.

The next mentioned criterion was revenue. Generally, only companies with bigger incomes, starting from 100 million dollars, were of interest to cyber criminals. However, for many, that desired number changed based on the country of the business. Kela reports the following revenue formula described by one of the attackers:

  1. Over five million dollars for the US-based targets
  2. Over 20 million dollars for Europe-based targets
  3. Over 40 million dollars for the third world-based targets

However, it would be wrong to say that threat actors aren’t interested in small businesses. Quite the contrary, those usually make for easy targets with loose protections and limited cybersecurity budgets.

Finally, not every threat actor was ready to infiltrate any segment. According to the report, as many as 50% of cybercriminals posted a blacklist of industries they were reluctant to target. The following were the most popular off-the-table sectors:

  1. Healthcare (47.37%) - likely due to the moral ideals of the criminals
  2. Education (47.37%) - likely due to low financial gain opportunities
  3. Government sector (36.84%) - likely due to a widely held belief that the government is less likely to target or notice threat actors if they do not engage in a direct confrontation first

Staying safe

To secure your business against infiltration and data theft, make sure to keep up with all patches and updates to eliminate known vulnerabilities.

Use a strong VPN to protect your online activity, and always store your data either on an additional device or in the cloud.

Finally, hold a mock session with your employees so that they know what malicious emails look like, which links should not be clicked, and how to respond properly to warning signs.