Artificial IntelligenceKELA’s “All Access Pass: Five Trends with Initial Access Brokers” Report Reveals the Inner Workings of the Ransomware-as-a-Service Ecosystem

KELA, the global leader in actionable threat intelligence, today announced the launch of brand new research along with LUMINT, a new offering providing users with a glimpse into KELA’s latest intelligence insights from the dark web including newly listed ransomware attacks, compromised network accesses for sale in cybercrime forums, leaked databases and data dumps, and updates on trending cybercrime threats. KELA’s newly released research report, “All Access Pass: Five Trends with Initial Access Brokers,” includes an in-depth analysis of Initial Access Brokers (IAB) and their activity for a full year from July 1, 2020 to June 30, 2021.

Some of KELA’s key findings include:

  • The largest percentages of victims are located in the U.S. with others in France, UK, AustraliaCanadaItalyBrazilSpainGermany and UAE
  • Pricing is often determined by company size and level of privileges within the compromised network, with $5,400 as the average price for network access, AND $1,000 as the median price.
  • Some of the highest sale prices identified were 12 Bitcoin for access to a $500 million company and $100 thousand for access to a national government organization
  • These IABs have recently begun using the access to steal from the victims before posting the access for sale
  • A proven link between initial access listings and ransomware attacks that were executed and publicly announced.

As business models have matured, KELA observed some successful IABs changing their sales methods, moving away from public forums to private channels with trusted buyers. Now, as the economy continues to grow, there are not only new trends emerging amongst existing IABs, but many new sellers entering the zone.

“While remote work became mandatory in 2020, ransomware and associated criminal businesses also saw significant growth. In the last year, IABs have become key components of the ransomware-as-a-service ecosystem, making malicious network access easy and lucrative for many of today’s leading attacks. Our researchers were particularly interested in exploring our extensive dark web data to understand how the shift in the real world gave way to the cybercrime underground,” said Aviad Gal, Head of Product at KELA. “Now with LUMINT, our complimentary offering, customers can also gain direct access to a window of the information our analysts uncover and synthesize every day. We are excited to empower all organizations – from small businesses to the largest enterprises – with the information they need to defend against the continual mounting cyber threats.”

KELA provides unrivaled visibility into adversary behaviors and relevant threats, illuminating and deciphering hidden events, activities and actors that would typically go undetected and unanalyzed. KELA delivers the contextual intelligence for its customers to proactively neutralize threats before it impacts their business.

LUMINT, KELA’s new offering, sheds light on unknown, undetected dark web activity and provides users with a glimpse into some of the latest intelligence insights from the dark web including newly listed ransomware attacks, trending threats and the latest data, services and compromises for sale on criminal forums. Armed with this information, security teams will have unique insights to help enrich their knowledge and understanding of the dark web with top highlights curated by KELA’s intelligence experts.

For more information or to subscribe, please visit


Leave a Reply

Your email address will not be published. Required fields are marked *