The FBI recently warned that ransomware groups are targeting major, time-sensitive financial events, such as mergers and acquisitions, in order to coerce victims into paying their ransom demands. In an advisory sent to private companies this week, the FBI pointed out that cybercriminals often look for non-public information when targeting companies involved in major financial events. If the victims do not pay the ransom, the cybercriminals threaten to publish this information.
“In the initial reconnaissance stage, cybercriminals will find non-public information, and they threaten to publish this information or use this information as a bargaining chip in the extortion process to induce victims to comply with the ransom demand,” the FBI said. “Upcoming events that may affect the value of victims’ stocks, such as announcements, mergers and acquisitions, encourage ransomware actors to target a network or adjust the ransomware schedule when access rights are established. If the victim does not pay the ransom quickly, the ransomware actors will threaten to disclose this information publicly, which will cause potential investors to rebound.”
The FBI also stated that it has found several cases of ransomware groups using information from ongoing merger or acquisition negotiations to pressure organizations to pay fees.
Last year, a long-time member of the REvil ransomware group encouraged the use of the Nasdaq Stock Exchange as a way to force victims to pay. A few weeks later, another ransomware organization cited the victim’s publicly traded stock in negotiations with the company. According to the FBI, analysis of another ransomware attack later that year found that hackers used several keywords to search the victim’s network for non-public information related to financial documents submitted to regulators and upcoming news.
In April of this year, the DarkSide ransomware group, later renamed BlackMatter, announced that it was seeking to cooperate with market dealers to punish victims who failed to pay. In a message posted on their now-deactivated blog, they urged traders to contact them and obtain inside information about the gang’s latest corporate victim so that the traders could short the stock before any data was leaked and the information became public.
“Now our team and partners have encrypted many companies that trade on Nasdaq and other stock exchanges,” the Russian hacker group wrote in a post. “If the company refuses to pay, we are prepared to provide information before the announcement. It is possible to earn from the stock price reduction.”
The FBI has long urged organizations not to give in to cybercriminals’ ransom demands, because paying emboldens hackers to target more organizations and funds other criminal activities. It also says it understands that when companies face an inability to operate, senior managers will evaluate all options to protect their shareholders, employees and customers.
This warning came after the FBI warned that the BlackMatter ransomware group had targeted multiple organizations that were considered critical infrastructure, including two organizations in the U.S. food and agriculture sectors.