To gain access to a corporate network, ransomware gangs are increasingly turning to initial access brokers (IABs) and dark web marketplaces instead of breaching targets themselves. By analyzing ransomware gang’s want ads, it is possible to understand the types of companies that are being targeted for attacks. KELA, a cybersecurity intelligence company, compiled a list of criteria that larger enterprise-targeting operations look for in a company for their attacks. The list includes geography, revenue, and industry sectors.
Ransomware gangs prefer victims located in the USA, Canada, Australia, and Europe with minimum revenue of $100 million. While they avoid targeting companies in the healthcare, education, and government sectors, they are less picky about other industries. They also avoid attacking companies located in the Commonwealth of Independent States (CIS). However, smaller companies are not immune to being targeted, and even if a company does not meet the criteria, it does not guarantee their safety.