In order to gain access to their target company's network, ransomware gangs use initial access brokers who breach networks by brute-force passwords, phishing or exploits and then sell the access to other threat actors, according to BleepingComputer.
Researchers from KELA, a cybersecurity intelligence firm, reviewed 48 forum posts looking to buy network access in July and found that 40% of these want ads were created by those who work with ransomware gangs. These ads contain company information, such as the company's industry, its location and how much they are willing to spend.
Based on the researchers' findings, ransomware gangs prefer to target victims in the U.S., Australia, Canada and Europe; many of these threat actors avoid specific sectors, such as education and healthcare, and companies in the Commonwealth of Independent States, including Armenia, Belarus, Kazakhstan, Moldova and Turkmenistan; and the minimum revenue sought by ransomware gangs is based on their victim's geographic location.