November 1, 2022

According to a new report by Israeli cyber intelligence firm KELA, hackers are selling access to 576 corporate networks worldwide for a total sale price of $4 million.

LockBit, Black Basta, Hive, Alphv (aka BlackCat), and BianLian were the most prolific ransomware and data leak actors in the third quarter, according to the report, with the latter being a relatively new ransomware gang. Professional services were the sector most targeted by ransomware attackers and data leak actors in the third quarter of 2022. 55% of attacks in this sector were carried out by LockBit, Alphv, and Hive.

The USA is still the country that is most targeted, with 40% of ransomware and extortion attacks that affect U.S. companies in the third quarter, followed by ransomware and data leaks from companies in Great Britain, France, Germany and Spain. There are also new data leak sites and ransomware blogs of the quarter, including Yanluowang, BianLian, 0mega, Daixin Team, Donut Leaks.

KELA discovered more than 570 network access listings for sale in the third quarter of 2022 with a total offer price of approximately $4 million and an average access price of between $1,350 and $2,800. Threat actors offered more expensive listings in the third quarter, although the total number of listings remained nearly constant. In the third quarter, there were approximately 190 access listings per month, slightly more than in the second quarter.

In KELA, single access was also offered for sale at the astronomical price of $3 million, although the number of sales for network access remained roughly the same as in the previous two quarters. However, due to concerns about its authenticity, this list was not included in the statistics and totals of the third quarter 22.

The sources for this piece include an article in BleepingComputer.