Report sheds light on use of initial access brokers in ransomware attacks

Initial access brokers (IABs) have been a crucial component of the ransomware-as-a-service economy, reports ZDNet. A study from KELA revealed that at least five Russian ransomware gangs (Avaddon, BlackByte, Conti, DarkSide, and LockBit) have been using IABs. Avaddon was observed adding a United Arab Emirates-based steel product supplier to its domain three weeks after access to the company was posted for sale on a forum, while Conti exposed data belonging to a US manufacturer within two weeks of access being sold on the dark web. Moreover, LockBit ransomware was able to attack Bangkok Airways less than a month after securing AnyConnect VPN access from an IAB dubbed "babam." "Bangkok Airways did not disclose any investigation details, but based on the timeline, it is highly possible that the attack was performed using the bought access," said researchers. The report also showed that babam traded access to Gyrodata, a mining technology company.