Ransomware Victims and Network Access Sales in Q3 2022

Sarit Borochov, Threat Intelligence Analyst

The most prolific ransomware and data leak actors in Q3 were LockBit, Black Basta, Hive, Alphv (aka BlackCat) and BianLian, with the last one being a relatively new ransomware gang. In Q3 2022, the sector that was most targeted by ransomware attackers and data leak actors was professional services. LockBit, Alphv and Hive were responsible for 55% of the attacks in this sector.

The US is still the most targeted country, with 40% of ransomware and extortion attacks affecting US companies in Q3, followed by ransomware and data leak victims from companies in the UK, France, Germany and Spain. New data leak sites and ransomware blogs of the quarter included Yanluowang, BianLian, 0mega, Daixin Team, Donut Leaks.

In Q3 2022, KELA traced over 570 network access listings for sale, with a cumulative requested price of around USD 4 million. The average price for access was around USD 2800 and the median price — USD 1350. In Q3 actors offered more expensive listings since the total number of listings remained almost the same. On average, there were around 190 access listings in each month of Q3, slightly higher than in Q2.