Employees Willing to Sell Credentials to Ransomware Gangs

September 14, 2021

Cybersecurity firm KELA has issued an interesting report that claims to identify what type of victim ransomware gangs are looking for and offer insight into the dark inner workings of a criminal mind.

Ransomware gangs are looking for the following when hunting for targets:

  1. The company MUST be based in the US
  2. The company MUST bring in more than $100 million a year in revenue
  3. Gangs are NOT interested in businesses in the education, healthcare, government, or non-profit sectors (though, to be honest, I don’t know how many entities in those sectors would be making more than $100 million a year in revenue. I digress. I didn’t write the thing, I’m just relaying the information to you)
  4. Gangs look primarily for access information (credentials, etc.) for RDP and VPN products from Citrix, Palo Alto Networks, VMware, Fortinet, and Cisco
  5. They’re willing to pay up to $100,000 to employees of their target company for such access. However, most are only willing to go as high as $57K

Yes, you read that correctly, ransomware gangs are actively PAYING people to sell out their employer! Not only that, they’re being met with success! There are people out there READY and WILLING to do it. The mind boggles. People would be willing to sell out their own employer for $50K plus potentially years in jail and God only knows how much money in legal fees once the Feds, because that’s who’s going to be after you, finally catch up.

KELA does offer some advice on what a business can do to protect itself from such attacks, and it’s reprinted below for convenience:

  1. Cybersecurity awareness and training for all key stakeholders and employees to ensure that key individuals know how to safely use their credentials and personal information online. This cyber training should include specifying how to identify suspicious activities, such as possible scam emails, or unusual requests from unauthorized individuals or email addresses.
  2. Regular vulnerability monitoring and patching to continually protect their entire network infrastructure and prevent any unauthorized access by Initial Access Brokers or other network intruders.
  3. Targeted and automated monitoring of key assets to immediately detect threats emerging from the cybercrime underground ecosystem. Constant automated and scalable monitoring of an organization’s assets could significantly improve maintaining a reduced attack surface, ultimately helping organizations thwart possible attempts of cyberattacks against them.

Note that moving your business outside of the United States isn’t listed, nor is how to actually stop an employee from selling their VPN credentials to some Odessa-based, Cheeto-encrusted basement dweller. That’s a battle you’ll have to solve on your own, apparently.

Carl Keyser is the Content Manager at Integris.
