The Federal Bureau of Investigation (FBI) published a new private industry notification (PIN) to warn organizations of targeted ransomware attacks aimed at companies involved in “time-sensitive financial events” such as corporate mergers and acquisitions.
Ransomware gangs target these companies because there is a high likelihood that they will pay the ransom to avoid the impact of the disclosure of sensitive data during these events.
The attackers conduct a reconnaissance phase about their targets, looking for public and nonpublic information that could be used to threaten victims to disclose in case the victims do not pay the ransom.
“The FBI assesses ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections. Prior to an attack, ransomware actors research publicly available information, such as a victim’s stock valuation, as well as material nonpublic information.” reads the notification published by the FBI. “If victims do not pay a ransom quickly, ransomware actors will threaten to disclose this information publicly, causing potential investor backlash.”
Ransomware operators chose the targets based on the knowledge of impending events that could affect the victim’s stock value, including announcements, mergers, and acquisitions.
The FBI’s PIN cites multiple cases in which ransomware gangs adopted this strategy to choose their victims. In April, the Darkside ransomware operators announced with a message on their leak side that they will provide information stolen from these companies before the publication, so that it would be possible to earn at the reduced price of shares.
The ransomware gang aims at making pressure on the companies threatening them to leak information that could have a negative impact on their stock price, making it possible to traders to make a profit from the fall of the stock prices.
The FBI also reported the case of at least three publicly traded US companies actively involved in mergers and acquisitions that were victims of ransomware during their respective negotiations between March and July 2020.
The FBI recommends avoiding paying the ransom because it’s not guaranteed that paying it will allow to recover data and prevent future data leaks or attacks. Paying ransom encourages ransomware gangs to increment their cybercriminal practice.
“However, the FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers. Regardless of whether you or your organization have decided to pay the ransom, the FBI urges you to report ransomware incidents to your local FBI field office. Doing so provides the FBI with the critical information they need to prevent future attacks by identifying and tracking ransomware attackers and holding them accountable under US law” concludes the notification.
The PIN also provides recommendations to minimize the impact of ransomware attacks.
(SecurityAffairs – hacking, ransomware gangs)