Ransomware Hackers Turn Aim To Midmarket Targets

After several high profile ransomware attacks in 2021, including the Colonial Pipeline, JBS and Washington DC Metropolitan Police Department, hackers are reportedly aiming for more low-key targets in 2022. 

That’s according to cybersecurity expert and consultant at UHY LLP, Richard Peters, who said there was a pattern of behavior by ransomware operators targeting “midsize” operators. 

SEE ALSO: Continuous Intelligence Insights

The key reason for this is to avoid the publicity that many of those high profile cases garnered, which led to FBI and CIA investigations and even pressure on Russian and Ukrainian governments to find the people responsible, such as DarkSide and REvil. 

“Because of the M&A and because of the publicity around that, it became a better target,” said Peters to WSJ. “They’re watching. They know what’s going on in the news as well as any businessman out there.”

One of the key identifiers for these hacking groups is a midsize company that has recently been acquired or received investment from private equity. What would have been a difficult target to extract money from becomes, through the investment, a potential easy paycheck. 

Hackers primarily get the information of an investment through online news and social media. Jeremy Swan, managing principal at CohnReznick, said there’s a direct correlation between an attack and a deal announcement. 

These smaller organizations are often even less protected from ransomware than larger operations. And as the acquirer moves to a new IT system, it may provide the hackers with access to the private equity’s backend as well. 

The average payout is above $1 million for these midsize attacks, but they are still in the minority.