Hackers Selling Ransomware Victims and Network Access Data for $4 Million

Israeli cyber-intelligence firm KELA has recently published its Q3 2022 ransomware report, in which it reports that hackers are selling access to 576 corporate networks worldwide, with an estimated total value of $4 million, fueling cyberattacks on large corporate networks.

Initial access sales have seen steady activity in the sector over the past year, but the value of the offering has increased rapidly over the same period.

In terms of the number of network access sales, this quarter was about identical to the two previous quarters. However, the total asking price has climbed and has now reached a significant milestone of $4 million.

In Q2 2022 the total value of initial access listings was estimated at around $660,000, which is far less than the estimated value of $4 million counted in Q3 2022.

Top Ransomware Gangs

Below, we have listed the top ransomware gangs and data leak actors identified in Q3:-

With more than 200 victims, the LockBit ransomware group has been the most prevalent ransomware gang over the past few years.

BianLian, a relatively new ransomware gang, has quickly become one of the five most prolific gangs in the market, as it did in the previous quarter.

According to the report, Hive increased its activity considerably, by about 67% compared to Q2. Black Basta's activity remained constant between the two quarters, with about 50 victims reported in each quarter, while Alphv's activity decreased by 28%.

Actively Targeted Sectors

Professional services emerged as one of the sectors most targeted by ransomware and data leak actors in Q3 2022.

The following ransomware gangs have been the most active in this sector:-

  • LockBit
  • Alphv
  • Hive 

It is estimated that these above-mentioned groups have accounted for about 55% of all ransomware attacks that were reported in this sector.

However, below we have mentioned all the targeted sectors:-

  • Financial services
  • Engineering & Construction
  • Technology
  • Professional services
  • Manufacturing & Industrial Products
  • Government Sector
  • Public Sector
  • Healthcare
  • Life Science
  • Consumer & Retail
  • Education
  • Food & Beverages
  • Transport & Logistics

Most targeted countries

With 40% of ransomware attacks in Q3 of this year, the US takes first position on the list. The other countries are listed below:-

  • The UK
  • France
  • Germany
  • Spain
  • Italy
  • Germany
  • Canada
  • Switzerland
  • Brazil
  • Japan
  • Australia

Hackers selling access to corporate networks mainly acquire them via:-

  • Credential theft
  • Webshells
  • Exploiting publicly exposed hardware vulnerabilities

Threat actors used this access to perform multiple malicious activities, such as:-

  • Steal valuable data
  • Deploy ransomware
  • Conduct other malicious activity

In terms of sales price, these initial access listings averaged $2,800, while the median selling price came to $1,350, which was a record high for this number.

KELA was also notified of a single access being offered for sale at $3,000,000. On average, it took only 1.6 days for corporate access to be sold, and most of the listings were for:-

  • RDP access
  • VPN access

Ransomware Blogs

Below are the ransomware blogs mentioned in the report:-

  • Yanluowang: 3 disclosed victims in Q3
  • BianLian: 24 disclosed victims in Q3
  • 0mega: 1 disclosed victim in Q3
  • Daixin Team: 3 disclosed victims in Q3
  • Donut Leaks: 13 disclosed victims in Q3
  • Sparta: 13 disclosed victims in Q3
  • Bl00dy: 8 disclosed victims in Q3
  • MedusaLocker: 10 disclosed victims in Q3

Mitigations

Below we have mentioned the mitigations recommended by the security analysts at KELA:-

  • Ensure all key stakeholders and employees are aware of the risks associated with cybersecurity and receive the appropriate training.
  • Ensure that vulnerabilities are monitored regularly.
  • Vulnerability patches should be applied on a regular basis.
  • Ensure that key assets are monitored and controlled in an automated and targeted manner.
  • Ransomware Attack Response and Mitigation Checklist.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.