From Initial Access to Ransomware Attack – 5 Real Cases Showing the Path from Start to End

KELA Cyber Intelligence Center

Successful ransomware attacks are all alike: they start from unnoticed access to a company’s network. While some attackers get their access in a stealthy way, some use publicly available offerings on cybercrime forums and markets.
Part of these offerings is made by Initial Access Brokers who play a crucial role in the ransomware-as-a-service (RaaS) economy. These actors significantly facilitate network intrusions by selling remote access to a computer in a compromised organization (Initial Network Access) and linking opportunistic campaigns with targeted attackers. Ransomware actors are actively looking for network access listings on cybercrime forums to match their ideal ransomware victim.

In this blog, KELA reveals several ransomware attacks that started with network access on sale and led to an attack within a month from the sale offer.