- KELA, a cybersecurity company for Israel has published the Ransomware Victims and Network Access Sales in Q3 2022 report.
- According to the report, initial access brokers are currently holding more than 500 companies’ network accesses to be sold to hackers.
- The most targetted country is the United States, and the most targetted industry is “Professional Services”, according to KELA.
Ransomware is still a nightmare for corporates and can cause millions of dollars of damages, or even worse, completely shut down the companies. KELA, a cyber intelligence company from Israel has published a report regarding the ransomware attacks of the third quarter of this year. And they have some interesting findings in the report.
576 initial accesses for $4 million
According to KELA’s Ransomware Victims and Network Access Sales in Q3 2022 report, hackers are currently holding initial access for 576 companies. Those initial accesses are sold for around $2.800 on average and the total money required to buy all of the initial accesses is approximately $4 million. That means, with $4 million, anyone can breach into those victims’ networks to conduct malicious activities, including the ransomware nightmare.
There is also one case that KELA researchers detected during their investigation, in which one specific access was offered for purchase alone for $3 million. But they did not include this listing in the report since it was highly suspicious:
« …However, excluding this one USD 3 million access, the difference wouldn’t be so serious, therefore further calculations were made without this offer (especially considering the fact that the actor behind this listing does not appear to be reputable). »
The hackers that sell the initial accesses are called “initial access brokers”; they break into the network of the target organizations to sell them to other hackers. The buyers later deploy a ransomware attack or steal company data. According to the report, the top initial access brokers for Q3 2022 are r1z, Salvador_Dali, and Orangecake.
The top country targetted by the initial access brokers is the US, being followed by Brazil and the UK. “Professional services” was the most targeted sector and it was also followed by the manufacturing and technology industries. You can see the remaining key findings in KELA’s Q3 report below:
- The most prolific ransomware and data leak actors in Q3 were LockBit, Black Basta, Hive, Alphv (aka BlackCat), and BianLian, with the last one being a relatively new ransomware gang.
- In Q3 2022, the sector that was most targeted by ransomware attackers and data leak actors was professional services. LockBit, Alphv, and Hive were responsible for 55% of the attacks in this sector.
- New data leak sites and ransomware blogs of the quarter included Yanluowang, BianLian, 0mega, Daixin Team, and Donut Leaks.
- In Q3 actors offered more expensive listings since the total number of listings remained almost the same. On average, there were around 190 access listings in each month of Q3, slightly higher than in Q2.
You can read the full report by following the link below: