I saw a few references to this KELA study of ransomware based on doing some digging around the dark web to see what people were looking for. I wasn’t necessarily surprised by what they found, because it seems relatively obvious, but I was a little surprised to see that it’s pretty well-thought-out. I guess I had been working on an assumption that folks using ransomware were just throwing out a wide net and catching whatever they could, but it seems like maybe they are thinking a bit more about what they are doing.
On average, the actors active in July 2021 aimed to buy access to US companies with revenue of more than 100 million USD. Almost half of them refused to buy access to companies from the healthcare and education industries.
If you look at more of the details, they target the US and other wealthy Western countries. They specifically don’t target Russian networks (don’t crap where you eat), third-world countries (typically not enough money to be worth it), and industries that are likely to bring down a lot of heat and attention. That all makes sense if what you are really trying to do is just make money, and continue to make money, going forward.
Of course, as with any “typical” ransomware analysis, just because your organization doesn’t fit the profile for most bad actors doesn’t mean that you are not vulnerable. Sure, most of the bad actors might have a moral code that prevents them from hitting healthcare or educational systems, but it only takes one actor without that moral code to turn you into a victim. You might want to check out the mitigation measures they suggest as well.
The bad actors will keep developing new tools and techniques. Can you really afford to not do the same?