Why don't RaaS affiliates target Chinese companies?

With the Canadian national recently arrested for his role in Netwalker and the Lockbit list of affiliates released (i.e. usernames such as 'malibudad'), I think it's safe to say many affiliates are not purely of Russian or Soviet-bloc origin. Meaning... they are living in Western countries and obviously very good because most of the public investigation/coverage has been directed towards the authors of the ransomware and not the individuals deploying it domestically.

It might seem stupid, but (especially for affiliates of American origin), why not target cash-rich Chinese firms (or firms not in the American/EU sphere on influence)? Similar to how the authors of malware prevent its use if Cyrillic is detected - without invoking some larger moral thing - it seems like a natural option for affiliates not to shit where they eat?

submitted by /u/heap-spray-n-pray
[link] [comments]

from hacking: security in practice https://ift.tt/3jH11N0

Comments