Security News > 2021 > September > Ransomware gangs target companies using these criteria
Ransomware gangs increasingly purchase access to a victim's network on dark web marketplaces and from other threat actors.
When conducting a cyberattack, ransomware gangs must first gain access to a corporate network to deploy their ransomware.
After examining ransomware gang's "Want ads," cybersecurity intelligence company KELA has compiled a list of criteria that the larger enterprise-targeting operations look for in a company for their attacks.
Blacklist of countries: Most large ransomware operations specifically avoid attacking companies located in the Commonwealth of Independent States as they believe if they don't target those countries, the local authorities will not target them.
Many ransomware gangs, such as Dharma, STOP, Globe, and others, are less picky, and you can wind up being targeted by a ransomware operation.
BleepingComputer has commonly seen ransomware gangs, such as DarkSide, REvil, BlackMatter, and LockBit, target smaller companies and demand much smaller ransoms.