{"id":6471,"date":"2021-09-07T15:41:42","date_gmt":"2021-09-07T13:41:42","guid":{"rendered":"https:\/\/www.retarus.com\/blog\/en\/what-ransomware-gangs-are-looking-for-in-an-ideal-victim"},"modified":"2024-05-07T11:26:24","modified_gmt":"2024-05-07T09:26:24","slug":"what-ransomware-gangs-are-looking-for-in-an-ideal-victim","status":"publish","type":"post","link":"https:\/\/www.retarus.com\/blog\/en\/what-ransomware-gangs-are-looking-for-in-an-ideal-victim\/","title":{"rendered":"What ransomware gangs are looking for in an ideal victim"},"content":{"rendered":"\n<p>Security experts recently investigated offers made by ransomware actors to buy network accesses on the darknet, shedding light on&nbsp;the criteria&nbsp;cyber&nbsp;criminals use when selecting target companies&nbsp;to&nbsp;blackmail with their maliciously encrypted data.<\/p>\n\n\n\n<p>Security intelligence company <a href=\"https:\/\/ke-la.com\/the-ideal-ransomware-victim-what-attackers-are-looking-for\/\">KELA examined<\/a> a total of 48 forum contributions from July 2021. The \u201cwant ads\u201d had been placed by various ransomware actors and were addressed to Initial Access Brokers (IAB), who provide initial network accesses. These IABs are actually hackers who focus all their efforts on penetrating company networks using methods such as brute force password attacks, exploits, and phishing. The access details are then sold to the highest bidding cybercriminals, who use it to smuggle malware onto the company network.<\/p>\n\n\n\n<p>Almost 40 percent of the darknet threads KELA investigated originated from actors identified as active participants in ransomware gangs. <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/ransomware-gangs-target-companies-using-these-criteria\/\">In one case<\/a>, the ransomware gang known as \u201cBlackMatter\u201d was especially looking for access to targets in the USA, Canada, Australia, and the UK with an annual turnover of at least US$100 million and 500 to 15,000 hosts. The ransomware gang was willing to pay between US$3,000 and US$100,000 for each network access.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-europe-also-a-popular-target\">Europe also a popular target<\/h2>\n\n\n\n<p>Based on around 20 requests investigated by KELA, the security experts identified various criteria according to which ransomware blackmailers select their targets. These include:<\/p>\n\n\n\n<ul><li><strong>Geography:<\/strong> Ransomware attackers prefer victims located in the <strong>USA, Canada, Australia and Europe<\/strong>. In the majority of requests, the desired location of targets was explicitly mentioned. The most popular location was the USA (47 percent, followed by Canada and Australia with 37 percent each and European countries (31 percent). In most cases, multiple countries were on the wish list. According to KELA, the reason for this geographic focus is the assumption that victims in the biggest and most developed countries will be wealthier and thus able to pay more.<\/li><li><strong>Revenue:<\/strong> On average, the ransomware attackers are aiming for companies with <strong>an annual revenue of at least US$100 million<\/strong>. In some cases, this figure varied depending on the country the target company is located in. In one concrete case, for instance, the attackers requested US companies with annual revenue of at least US$5 million, European victims with at least US$20 million and companies in \u201cthird world countries\u201d with at least US$40 million.<\/li><li><strong>Blacklist of sectors:<\/strong> Even prior to the attacks on Colonial Pipeline and the meat processing company JBS, most ransomware cybercriminals kept their hands off the healthcare sector. Following those incidents, they also became more careful and selective with some other sectors. In the threads examined by KELA, 47 percent of the attackers expressly excluded the <strong>healthcare and education<\/strong> sectors (47 percent in each case), while 37 percent consciously avoided the <strong>public sector <\/strong>and 26 percentstated they would not purchase access to<strong> non-profit organizations<\/strong>. As far as healthcare and non-profits are concerned, KELA assumes that moral considerations are the primary reason for the attackers\u2019 reluctance. Less so &nbsp;with the education sector, where attackers likely presume the victims would be unable to pay expensive ransom..<\/li><li><strong>Blacklist of countries: <\/strong>Most ransomware criminals stay away from many countries in the Commonwealth of Independent States <strong>(CIS)<\/strong>, as they suppose that in return for not targeting these countries, local authorities will tolerate their activities. In addition to Russia, this also applies to <strong>Ukraine, Moldova, Belarus, Kyrgyzstan, Kazakhstan, Armenia, Tajikistan, Turkmenistan and Uzbekistan<\/strong>.<\/li><\/ul>\n\n\n\n<p>The bad news is that even if your company does not meet the average victim criteria, it still doesn\u2019t mean that you are invulnerable.&nbsp; According to KELA, there is whole raft of ransomware gangs \u2013 such as Dharma, STOP and Globe \u2013 which are considerably less picky. As a company, one should thus avoid falling into any false sense of security and rather take steps to ensure maximum protection from all manner of cyber threats.<\/p>\n\n\n\n<p>When it comes to ransomware, for example, it\u2019s <a href=\"https:\/\/www.retarus.com\/services\/email-security\/tech-specs\/#phishing-filter\">essential to have anti-phishing protection<\/a> for email accounts, something that is included in <a href=\"https:\/\/www.retarus.com\/secure-email-platform\/\">Retarus\u2019 modular Secure Email Platform<\/a> \u2013 also <a href=\"https:\/\/www.retarus.com\/blog\/en\/retarus-the-perfect-addition-to-microsoft-365-and-other-cloud-email-services\/\">to complement cloud office software<\/a> like Microsoft 365 or Google Workspace. We invite you to use our free <a href=\"https:\/\/www.retarus.com\/blog\/en\/here-comes-our-anti-phishing-guide\/\">Anti-Phishing Guide in five languages<\/a> to sensitize your users about this tricky topic. Find out more about this topic on our website or directly from your <a href=\"https:\/\/www.retarus.com\/contact\/\">local Retarus representative<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security experts recently investigated offers made by ransomware actors to buy network accesses on the darknet, shedding light on the criteria cyber criminals use when selecting target companies to blackmail with their maliciously encrypted data. <\/p>\n","protected":false},"author":14,"featured_media":10091,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","_s2mail":"yes","footnotes":""},"categories":[8,15],"tags":[102,198],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v23.0 (Yoast SEO v23.0) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Ransomware Angriffe: Danach suchen kriminelle Banden ihre Opfer aus<\/title>\n<meta name=\"description\" content=\"Erfahren Sie, nach welchen Kriterien Cyberkriminelle ihre Opfer f\u00fcr Ransomware-Attacken ausw\u00e4hlen und welcher Hacker-Schutz Ihr Unternehmen absichert.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.retarus.com\/blog\/en\/wonach-ransomware-banden-ihre-opfer-aussuchen\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What ransomware gangs are looking for in an ideal victim\" \/>\n<meta property=\"og:description\" content=\"Erfahren Sie, nach welchen Kriterien Cyberkriminelle ihre Opfer f\u00fcr Ransomware-Attacken ausw\u00e4hlen und welcher Hacker-Schutz Ihr Unternehmen absichert.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.retarus.com\/blog\/en\/wonach-ransomware-banden-ihre-opfer-aussuchen\/\" \/>\n<meta property=\"og:site_name\" content=\"Retarus Corporate Blog - EN\" \/>\n<meta property=\"article:published_time\" content=\"2021-09-07T13:41:42+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-07T09:26:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_599283587.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Thomas Cloer\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Thomas Cloer\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/wonach-ransomware-banden-ihre-opfer-aussuchen\/\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/wonach-ransomware-banden-ihre-opfer-aussuchen\/\",\"name\":\"Ransomware Angriffe: Danach suchen kriminelle Banden ihre Opfer aus\",\"isPartOf\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/wonach-ransomware-banden-ihre-opfer-aussuchen\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/wonach-ransomware-banden-ihre-opfer-aussuchen\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_599283587.jpg\",\"datePublished\":\"2021-09-07T13:41:42+00:00\",\"dateModified\":\"2024-05-07T09:26:24+00:00\",\"author\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5\"},\"description\":\"Erfahren Sie, nach welchen Kriterien Cyberkriminelle ihre Opfer f\u00fcr Ransomware-Attacken ausw\u00e4hlen und welcher Hacker-Schutz Ihr Unternehmen absichert.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/wonach-ransomware-banden-ihre-opfer-aussuchen\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.retarus.com\/blog\/en\/wonach-ransomware-banden-ihre-opfer-aussuchen\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/wonach-ransomware-banden-ihre-opfer-aussuchen\/#primaryimage\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_599283587.jpg\",\"contentUrl\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_599283587.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"Checkliste mit lila Stift\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/wonach-ransomware-banden-ihre-opfer-aussuchen\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.retarus.com\/blog\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What ransomware gangs are looking for in an ideal victim\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#website\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/\",\"name\":\"Retarus Corporate Blog - EN\",\"description\":\"Always up to date\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.retarus.com\/blog\/en\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5\",\"name\":\"Thomas Cloer\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/author\/thomasc\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Ransomware Angriffe: Danach suchen kriminelle Banden ihre Opfer aus","description":"Erfahren Sie, nach welchen Kriterien Cyberkriminelle ihre Opfer f\u00fcr Ransomware-Attacken ausw\u00e4hlen und welcher Hacker-Schutz Ihr Unternehmen absichert.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.retarus.com\/blog\/en\/wonach-ransomware-banden-ihre-opfer-aussuchen\/","og_locale":"en_US","og_type":"article","og_title":"What ransomware gangs are looking for in an ideal victim","og_description":"Erfahren Sie, nach welchen Kriterien Cyberkriminelle ihre Opfer f\u00fcr Ransomware-Attacken ausw\u00e4hlen und welcher Hacker-Schutz Ihr Unternehmen absichert.","og_url":"https:\/\/www.retarus.com\/blog\/en\/wonach-ransomware-banden-ihre-opfer-aussuchen\/","og_site_name":"Retarus Corporate Blog - EN","article_published_time":"2021-09-07T13:41:42+00:00","article_modified_time":"2024-05-07T09:26:24+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_599283587.jpg","type":"image\/jpeg"}],"author":"Thomas Cloer","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Thomas Cloer","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.retarus.com\/blog\/en\/wonach-ransomware-banden-ihre-opfer-aussuchen\/","url":"https:\/\/www.retarus.com\/blog\/en\/wonach-ransomware-banden-ihre-opfer-aussuchen\/","name":"Ransomware Angriffe: Danach suchen kriminelle Banden ihre Opfer aus","isPartOf":{"@id":"https:\/\/www.retarus.com\/blog\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.retarus.com\/blog\/en\/wonach-ransomware-banden-ihre-opfer-aussuchen\/#primaryimage"},"image":{"@id":"https:\/\/www.retarus.com\/blog\/en\/wonach-ransomware-banden-ihre-opfer-aussuchen\/#primaryimage"},"thumbnailUrl":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_599283587.jpg","datePublished":"2021-09-07T13:41:42+00:00","dateModified":"2024-05-07T09:26:24+00:00","author":{"@id":"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5"},"description":"Erfahren Sie, nach welchen Kriterien Cyberkriminelle ihre Opfer f\u00fcr Ransomware-Attacken ausw\u00e4hlen und welcher Hacker-Schutz Ihr Unternehmen absichert.","breadcrumb":{"@id":"https:\/\/www.retarus.com\/blog\/en\/wonach-ransomware-banden-ihre-opfer-aussuchen\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.retarus.com\/blog\/en\/wonach-ransomware-banden-ihre-opfer-aussuchen\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.retarus.com\/blog\/en\/wonach-ransomware-banden-ihre-opfer-aussuchen\/#primaryimage","url":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_599283587.jpg","contentUrl":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_599283587.jpg","width":1920,"height":1080,"caption":"Checkliste mit lila Stift"},{"@type":"BreadcrumbList","@id":"https:\/\/www.retarus.com\/blog\/en\/wonach-ransomware-banden-ihre-opfer-aussuchen\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.retarus.com\/blog\/en\/"},{"@type":"ListItem","position":2,"name":"What ransomware gangs are looking for in an ideal victim"}]},{"@type":"WebSite","@id":"https:\/\/www.retarus.com\/blog\/en\/#website","url":"https:\/\/www.retarus.com\/blog\/en\/","name":"Retarus Corporate Blog - EN","description":"Always up to date","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.retarus.com\/blog\/en\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5","name":"Thomas Cloer","url":"https:\/\/www.retarus.com\/blog\/en\/author\/thomasc\/"}]}},"_links":{"self":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/6471"}],"collection":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/comments?post=6471"}],"version-history":[{"count":18,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/6471\/revisions"}],"predecessor-version":[{"id":10467,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/6471\/revisions\/10467"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/media\/10091"}],"wp:attachment":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/media?parent=6471"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/categories?post=6471"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/tags?post=6471"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}