LockBit, Black Basta, Hive, Alphv (aka BlackCat) and BianLian were the most prolific ransomware and data leak actors in Q3 2022, with around 20 to 200 victims disclosed by each group, according to a new ransomware report from Israeli cyber-intelligence firm KELA.
The researchers said that Hive increased its activity by about 67% compared to Q2, while Alphv decreased its activity by 28%. Black Basta’s activity remained steady, with about 50 victims in each of the two quarters.
Professional services was the most targeted sector, with LockBit, Alphv and Hive responsible for 55% of attacks, followed by manufacturing and industrial products, healthcare and life sciences, technology, and engineering and construction. The most targeted countries include the US, UK, Italy, Germany, and Canada.
KELA also said that threat actors are selling access to 576 corporate networks worldwide for a cumulative sales price of $4,000,000.
“In Q3 2022, KELA traced over 570 network access listings for sale, with a cumulative requested price of around USD 4 million; one access was offered for USD 3 million. This constitutes a significant increase compared to the total amount of about USD 660,000 demanded in Q2. However, excluding this one USD 3 million access, the difference wouldn't be so serious, therefore further calculations were made without this offer (especially considering the fact that the actor behind this listing does not appear to be reputable),” the report notes.
The average price for access was around $2800, a substantial rise from nearly $1500 in the previous quarter. The median price also increased, to $1350 compared to $300 in Q2. Since the total number of listings remained almost the same, actors offered more expensive listings in Q3. On average, there were around 190 access listings in each month of Q3, slightly higher than in Q2.
The average time for access to be sold was 1.6 days, based on the sellers’ public comments. The most common types of access offered by the threat actors were RDP and VPN.