The Matrix

The FBI Warns M&A Participants on the Increasing Ransomware Threat

Last week, the Federal Bureau of Investigation issued a private industry notification warning that “ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections.” The FBI cautioned that ransomware attackers research publicly available information and target companies involved in significant, time-sensitive financial dealings such as M&A and other transactions. This initial reconnaissance, according to the FBI, is later followed by a ransomware attack and a subsequent threat that unless the victim pays the ransom, the attackers will disclose the information publicly, causing potential investor backlash and affecting the victim’s stock value.

The FBI cites an example in which unidentified attackers threatened the victim that “[i]f you will not engage us for negotiation we will leak your data to the nasdaq and we will see what’s gonna (sic) happen with your stocks.” Another example involves three publicly traded companies, each actively involved in mergers and acquisitions, that became victims of ransomware during their respective negotiations.

While the FBI notification does not encourage paying a ransom to criminal actors, the FBI acknowledges that victims faced with an inability to function will evaluate all options to protect their shareholders, employees, and customers. The FBI further urges companies to report ransomware incidents to their local field office, providing information that may lead to identifying ransomware attackers and holding them accountable under US law.

Lastly, consistent with information provided in a prior Matrix post about ransomware, the FBI also issued a number of recommendations, including:

  • backing up critical data offline
  • ensuring copies of critical data are in the cloud or on an external hard drive or storage device
  • securing back-ups and ensuring data is not accessible for modification or deletion from the system where the original data resides
  • installing and regularly updating anti-virus or anti-malware software on all hosts
  • using only secure networks and avoiding using public Wi-Fi networks
  • using two-factor authentication for user login credentials, with authenticator apps rather than email (as actors may be in control of victim email accounts), and not clicking on unsolicited attachments or links in emails
  • implementing least privilege for file, directory, and network share permissions