Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Ransomware Gangs Target Companies Using These Criteria

Ransomware Gangs Target Companies Using These Criteria

Ransomware gangs increasingly purchase access to a victim’s network on dark web marketplaces and from other threat actors. Analyzing their want ads makes it possible to get an inside look at the types of companies ransomware operations are targeting for attacks.

When conducting a cyberattack, ransomware gangs must first gain access to a corporate network to deploy their ransomware.

With the massive profits being generated in attacks, instead of finding and breaching targets themselves, ransomware gangs are commonly purchasing initial access to high-value targets through initial access brokers (IABs).

IABs are other threat actors who breach a network, whether through brute-forcing passwords, exploits, or phishing campaigns and then sell that access to other cybercriminals.

Also Read: 4 Best Practices On How To Use SkillsFuture Credit

After examining ransomware gang’s “want ads,” cybersecurity intelligence company KELA has compiled a list of criteria that the larger enterprise-targeting operations look for in a company for their attacks.

Targeting certain companies

KELA analyzed 48 forum posts creates in July where threat actors are looking to purchase access to a network. The researchers state that 40% of these ads are created by people working with ransomware gangs.

These want ads list the company requirements that ransomware actors are looking for, such as the country a company is located, what industry they are in, and how much they are looking to spend.

For example, in a want ad from the BlackMatter ransomware gang, the threat actors are looking for targets specifically in the USA, Canada, Australia, and Great Britain with revenue of $100 million or more. For this access, they are willing to pay $3,000 to $100,000, as shown in the want ad below.

BlackMatter network access want ad
BlackMatter network access want ad

By analyzing the want ads from close to twenty posts created by threat actors related to ransomware gangs, the KELA researchers were able to come up with the following company characteristics that are being targeted:

  • Geography: Ransomware gangs prefer victims located in the USA, Canada, Australia, and Europe.”The majority of requests mentioned the desired location of victims, with the US being the most popular choice – 47% of the actors mentioned it. Other top locations included Canada (37%), Australia (37%), and European countries (31%). Most of the advertisements included a call for multiple countries,” said KELA’s report.”The reason behind this geographical focus is that actors choose the most wealthy companies which are expected to be located in the biggest and the most developed countries.”
  • Revenue: KELA states that the average minimum revenue desired by ransomware gangs is $100 million. However, this can be different depending on the geographic location of the victim..”For example, one of the actors described the following formula: revenue should be more than 5 million USD for US victims, more than 20 million USD for European victims, and more than 40 million USD for “the third world” countries,” explained KELA.
  • Blacklist of sectors: While some gangs said they avoided healthcare, they were less picky about other industries of the companies they encrypt. However, after the Colonial PipelineMetropolitan Police Department, and JBS attacks, many ransomware gangs began avoiding specific sectors.”47% of ransomware attackers refused to buy access to companies from the healthcare and education industries. 37% prohibited compromising the government sector, while 26% claimed they will not purchase access related to non-profit organizations. “”When actors prohibit healthcare or non-profit industries offers, it is more likely due to the moral code of the actors. When the education sector is off the table, the reason is the same or the fact that education victims simply cannot afford to pay much. “”Finally, when actors refuse to target government companies, it is a precaution measure and an attempt to avoid unwanted attention from law enforcement.”
  • Blacklist of countries: Most large ransomware operations specifically avoid attacking companies located in the Commonwealth of Independent States (CIS) as they believe if they don’t target those countries, the local authorities will not target them.These blacklisted countries include Russia, Ukraine, Moldova, Belarus, Kyrgyzstan, Kazakhstan, Armenia, Tajikistan, Turkmenistan, and Uzbekistan.

Unfortunately, even if a company does not meet the above criteria, it does not mean that they are safe.

Many ransomware gangs, such as Dharma, STOP, Globe, and others, are less picky, and you can wind up being targeted by a ransomware operation.

Also Read: 3 Reasons Why You Must Take A PDPA Singapore Course

Furthermore, even though these gangs prefer victims with these characteristics, it does not necessarily mean they won’t breach a network independently.

BleepingComputer has commonly seen ransomware gangs, such as DarkSide, REvil, BlackMatter, and LockBit, target smaller companies and demand much smaller ransoms.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us