What Makes an Ideal Ransomware Victim?

  • By David Lukic
  • Published: Sep 28, 2021
  • Last Updated: Mar 18, 2022

 According to a new report by Israeli security company Kela, the most critical aspects that affect companies becoming victims of ransomware are location, revenue, and ease of access.

ideal ransomware victim

Does Your Company Measure Up?

During July of this year, Kela monitored dozens of cybercriminal discussion forums to learn what makes the new ransomware targets. Many of the discussions were current and had recently been created, indicating that the viability of purchasing access into a company network is still a very real threat.

The purpose of these discussions is for buyers to purchase “access” rather than waste precious time trying to hack into a network or breach company infrastructure with various tactics. Sometimes hackers take weeks and even months trying to collect login credentials through phishing campaigns or other social engineering methods. Therefore, it’s much easier to just purchase access from another hacker or someone inside the company who is disgruntled or looking to make a quick buck.

According to Data Breach Today, “When dealing with initial access brokers, the access being sold may include network access, but most often refers to the ability to buy working RDP or VPN credentials, writes Victoria Kivilevich, a threat intelligence analyst at Kela who authored the new report. Based on the forum posts Kela reviewed, she says other most-desired products for facilitating access  include:

  • Cisco.
  • Citrix.
  • Fortinet.
  • Palo Alto Networks - including GlobalProtect VPN.
  • VMware, including ESXi.”

Other desirable traits of an ideal victim, from the hacker’s perspective, are:

  • Any industry except medicine and government/state agencies.
  • Revenue of 100 million+.
  • 500-1,500 hosts.
  • Based in the USA, THAT, TO, and GB.

Of the hackers monitored, almost 50% want victims in the U.S. Additionally, “37% said they wanted Canadian or Australian victims, and 32% sought victims in Europe.”

The trend appears to be hacking groups targeting larger companies for higher ransoms which they dub “big game hunting.”  One of the reasons they target UK and U.S. companies is that many of the wealthiest companies are in those two locations, and these areas are more well developed, meaning cyber insurance and bigger payouts.

A big no-no for hackers is targeting companies in Russia since many of the notorious hacker groups hail from there. Another factor governing the victim pool is industry. Many hacker groups want to stay away from healthcare organizations. However, as we have seen over the past two years, many do not honor that code. Education and nonprofits are viewed as too much trouble for too little payoff.

Some groups also shy away from attacking government agencies due to the involvement of federal law enforcement.

Although this list is very detailed, many “access deals” take place in private, off the public forums, which may alter these results.

ransomware victim

How Much Do Hackers Pay for Access?

The report also mentioned that hackers typically pay around $1,600 for access, but some have shelled out as much as $56,250. In other cases, those supplying the credentials may take a cut of any ransomware collected, usually around 10% of the full take.

How Companies Can Protect Themselves from Being a New Ransomware Target 

Turning a negative into a positive, companies can better secure their networks using this hacker list of must-haves by first locking down all RDP and VPN access. Other tips include:

  • Enable multi-factor authentication all around, especially with Active Directory. 
  • Secure admin accounts and verify access-level privileges to all online resources.
  • Keep a current list of all digital assets.
  • Store good backups off-site.
  • Update software and hardware to include the latest security patches.
  • Educate employees on safe online practices and phishing and social engineering tactics.
About the Author
IDStrong Logo

Related Articles

What is Data Leak and How to Prevent Accidental Data Leakage

Data breaches take many forms, and one of them is through data leak and accidental web exposure. M ... Read More

The Saga of T-Mobile Data Breach: 2013, 2015, 2021 and 2023 Hacks

T-Mobile has experienced a number of data breaches in the past decade. The first case occurred som ... Read More

Anthem Data Breach Exposed 78 Million Records

In the Anthem Data Breach of 2015, hackers were able to steal 78.8 million member’s records. ... Read More

Everything You Need to Know About Insider Data Breach

Data breaches are on the news frequently, but the average person doesn’t really know that much a ... Read More

The NSA Hack, How Did it Happen?

The National Security Agency (NSA) was the main attraction in a major data breach involving three ... Read More

Latest Articles

What You Need to Know about the Delta Dental Data Breach

What You Need to Know about the Delta Dental Data Breach

Delta Dental is a dental insurance provider serving over 90 million Americans. It offers coverage in all 50 states, Puerto Rico, and Washington, D.C. The company was established in 1966 in California as part of the Delta Dental Plans Association.

What You Need to Know about the Hot Topic Data Breach

What You Need to Know about the Hot Topic Data Breach

Hot Topic plays in the fashion, apparel, and shoe industry as a retailer of music-influenced apparel and accessories, such as jeans, tops, belts, dresses, pajamas, sunglasses, jewelry, and tees.

Google Voice Scams: What They Are and How to Stay Safe

Google Voice Scams: What They Are and How to Stay Safe

Google Voice scams continue to pose a risk for users of this service. Scammers continuously attempt to lure users into divulging their verification PIN code.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Notice

By proceeding with this scan, you agree to let IDStrong run a Free Scan of supplied parameters of your personal information and provide free preliminary findings in compliance with our Terms of Use and Privacy Notice. You consent to us using your provided information to complete the Free Scan and compare it against our records and breach databases or sources to provide your Free preliminary findings report.

Rest assured: IDStrong will not share your information with third parties or store your information beyond what is required to perform your scan and share your results.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close