Digital Shadows research: The middlemen who make ransomware possible (and profitable)
Digital Shadows released new research into a group of cybercriminals who are essential to the profitability of ransomware, but who are also often overlooked: initial access brokers. Initial access brokers gain remote access to vulnerable organizations, which an end-purchaser of ransomware or RaaS can then leverage to wreak havoc.
According to the Digital Shadows research, once they find their way in, initial access brokers poke around the network, at times attempting to escalate privileges or move laterally to access more information. They manage and organize their access, tailoring it into a presentable product, and determine how much money they could get in the criminal market. At this point, our internal access broker visits their favorite criminal forum and creates a thread advertising the access with prices typically between $500 to $10,000. Listings are customer agnostic; the goal is to make money, so whoever wants to buy their access (e.g. nation-state APT, financially motivated groups, data brokers) can have it.