Report sheds light on use of initial access brokers in ransomware attacks
Initial access brokers (IABs) have been a crucial component of the ransomware-as-a-service economy, reports ZDNet.
A study from KELA revealed that at least five Russian ransomware gangs — namely Avaddon, BlackByte, Conti, DarkSide, and LockBit — have been using IABs.
Avaddon was observed adding a United Arab Emirates-based steel product supplier to its domain three weeks after access to the company was posted for sale on a forum, while Conti exposed data belonging to a US manufacturer within two weeks after access was sold on the dark web.
Moreover, LockBit ransomware was able to attack Bangkok Airways less than a month after securing AnyConnect VPN access from an IAB dubbed "babam."
"Bangkok Airways did not disclose any investigation details, but based on the timeline, it is highly possible that the attack was performed using the bought access," said researchers.
The report also showed that babam traded access to Gyrodata, a mining technology company.