Please fill in the form below to subscribe to our blog

How Attractive is Your Business to Ransomware Gangs?

October 21, 2021

Does Your Business Check Off the Boxes on a Bad Actor’s Shopping List?

These days it seems like businesses from every sector are at risk of a ransomware attack, and it’s hard to determine exactly what type of business in what industry is a target that ransomware gangs may be interested in. Thinking that any business is too small to be on a ransomware outfit’s radar is a dangerous assumption. No business is too small – 50% of ransomware attacks last year hit SMBs, and 55% hit businesses with fewer than 100 employees. But by taking a big picture look at how ransomware has grown and evolved in the last few years, IT professionals and businesses can get a handle on how much danger their organizations might be in and whether or not they’ve got what it takes to end up at the top of a cybercriminal’s shopping list

50% of IT pros do not believe their organization is prepared to repel a ransomware attack. Is yours? Build stronger defenses with the strategy in Ransomware Exposed. DOWNLOAD NOW>>

What Makes an Industry Attractive or Unattractive?

Ransomware groups aren’t too picky. Most gangs consider anything a target with very few exceptions, especially if that target has access to large amounts of valuable data. Ransomware practitioners know that they can make as much money or more off of selling a company’s data than they can off of just a ransom. That’s one of the major reasons why ransomware risk has been steadily climbing for the last two years. The booming dark web data markets are sending cybercriminals down paths that they haven’t traversed much in the past in order to make big data scores. Those paths sometimes also lead bad actors to data or access credentials that can be used to fuel future cyberattacks or slip into the systems of a larger organization. 

Surprisingly, roughly half of the ransomware operators analyzed in a recent study of dark web forum posts were clear about their disinterest in pursuing ransomware attacks targets in the government, healthcare or education sectors. Attacks against infrastructure targets are unattractive too considering the fallout ransomware group DarkSide faced after the Colonial Pipeline attack. Infrastructure or government targets are traditionally the province of nation-state cybercriminals who also make frequent use of ransomware. Rumors began swirling in the media immediately that the Colonial Pipeline attack was nation-state cybercrime, a theory that was later disproved. But it was a major reason why DarkSide was quick to throw the affiliate that conducted that attack under the bus but the damage was done, and the attack set the group up for scrutiny that ultimately caused it to shut down. 

dark web danger represented by a shadowy hacker using a hook to steal a password from a square flating over a laptop with other warnings in an animated style

What risk will you face next? Get a look at what to expect in The Global Year in Breach 2021. DOWNLOAD NOW>>

How Valuable is Your Data to a Ransomware Gang?

Ransomware groups are on the hunt for data constantly. According to an analysis in the Verizon/Ponemon Institute Data Breach Investigations Report 2021 (DBIR 2021), malware like ransomware was responsible for an estimated 30% of incidents that caused a violation of a company’s data storage integrity. Digging deeper, ransomware jumps to the top of the list again when considering reasons why a company lost control of or access to their data – 70% of data loss incidents in the study were the result of obscuration, a condition classification used in this report to indicate the result of a ransomware scenario where ransomware that encrypts a company’s data is installed and triggered successfully.

These data types were involved in the most breaches, making it the data that cybercriminals are most likely to steal from an organization.  

Types of Data Stolen in Breaches  

Approximated from DBIR 2021 

  • Credentials: 60% 
  • Personally Identifying Data (PII): 40% 
  • Medical Data: 10% 
  • Bank Data: 10% 
  • Internal Data: 10% 
  • Payment Data: 10% 

dark web economy represented by the words dark web in white on a black background blurred like a faint tv transmission

Are you ready to take back control of cyberattack risk from the villains on the dark web? This webinar shows you where to start. WATCH NOW>>

 What Are Characteristics of Businesses That Are at Risk?

While no industry is safe from the depredations of ransomware groups, some industries are more at risk than others. The reasons why industries become high risk vary but a few common reasons should throw up a red flag if they apply to your business. 

If your business… 

  • Handles or stores large amounts of PII 
  • Services a large company 
  • Is in an industry that is under pressure 
  • Processes payments or stores payment information 
  • Isn’t likely to have strong security 
  • Can’t defend against phishing attacks
  • Does not engage is security awareness training
  • Has access to data and systems at another company 
  • Is a lynchpin in a supply chain 
  • Can provide access to infrastructure 
  • Is suddenly thrust into the spotlight.  

…then your business is at risk of climbing to the top of a ransomware gang’s agenda. 

Are you ready to slay the Monsters of Cybersecurity? This checklist tells you what you’ll need to succeed! GET CHECKLIST>>

 When Does An Industry Come Under Fire? 

If an industry is under stress, that’s the perfect time for ransomware gangs to strike. They know they have a higher chance of getting paid if they’re hitting companies in a certain sector exactly when they’re needed the most. The way that ransomware traveled through the pre-vaccine pandemic days is a good illustration of what makes an industry cybercriminal catnip. A look at how ransomware flowed in one direction in 2020 and 2021 gives a great snapshot of how industries become especially attractive to the bad guys

  • In most of 2020, ransomware attacks against healthcare organizations including hospitals, research facilities and other care providers were rampant, as cybercriminals sought valuable research and patient care data, a hot commodity on the dark web.  
  • As the pandemic continued, cybercriminals set their sights on new targets: drug companies working to develop a vaccine. That activity was especially rampant just before the first vaccines were announced, as nation-state hackers and other bad actors hit major pharma developers like Takeda, Dr. Reddy’s and Pfizer.  
  • Then they moved on to the next critically needed sector: the specialized cold storage, transportation and logistics companies needed to get the vaccine to market. In December 2020, researchers at IBM announced that they’d uncovered widespread phishing operations targeted to employees of trucking, rail, and cold storage companies as vaccine distribution began. 

us government hack by suspected russsian cybercriminals represented by a hacker in a hoodie in silhouette against a russioan flag created in binary code

Go inside the world of hackers and see how it really works with these true tales of cybercrime undercover operations! WATCH NOW>>

What Else Makes a Company a Target? 

Ransomware gangs are all about finding an easy way to attack an organization, and purchasing an employee’s credentials is always a favorite. Bad actors are specifically looking to burrow into US companies with a minimum revenue of over $100 million. Purchasing access, including active or functional employee credentials or the knowledge of a vulnerability in a corporate system, makes it a snap for them to deploy ransomware quickly and without the fuss that might be kicked up by another method like phishing.  

Roughly 40% of listings looking for access credentials on dark web forums were created by players in the Ransomware-as-a-Service (RaaS) space. Gangs offered up to $100,000 for initial access services with most actors setting their top price at a little more than half of that, $56,250. In other ads posted to a popular forum, threat actors were looking for targets specifically in the USA, Canada, Australia, and Great Britain with revenue of $100 million or more. For this access, they were willing to pay $3,000 to $100,000 – and that’s enough to tempt employees, especially in difficult economic circumstances. 

Learn how to defeat terrifying cybersecurity monsters to keep systems & data safe in a dark world! READ IT IF YOU DARE!>>

Build Cyber Resilience to Fight Back Against Ransomware Risk

It’s a dangerous world out there for businesses. Ransomware gangs are hungry for fresh revenue in an expanding market. Boosting cyber resilience as part of building a strong defense against ransomware is critical for every organization, and ID Agent can help.  

Passly packs essential protection that protects your systems and data from intrusion by cybercriminals with a stolen or phished password including single sign-on (SSO), multifactor authentication (MFA), automated password resets and simple remote management at an affordable price.   

BullPhish ID delivers a smooth, painless training experience for trainers and trainees alike. Trainers can run premade simulations or customize their content to reflect their unique industry threats, including video lessons. Then deliver it all through a personalized portal that makes it easy for everyone.    

Dark Web ID can help your clients discover employees who may be tempted to sell their access credentials on the dark web to get all that cash. Monitoring 24/7/365 and fast alerts help companies stay a step ahead of malicious insiders.   

Contact the solutions experts at ID Agent today to learn more about how the ID Agent digital risk protection platform can enable you to secure your business and your customers against ransomware threats.    

Protection from cybercrime danger is easy when you deploy your secret weapon: security-savvy employees! WATCH WEBINAR>>

let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!