The Matrix

The FBI cites an example in which unidentified attackers threatened the victim that “[i]f you will not engage us for negotiation we will leak your data to the nasdaq and we will see what’s gonna (sic) happen with your stocks.” Another example includes three publicly traded companies that became victims of ransomware while actively involved in mergers and acquisitions during their respective negotiations.

While the FBI notification does not encourage paying a ransom to criminal actors, the FBI acknowledges that victims faced with an inability to function will evaluate all options to protect their shareholders, employees, and customers. The FBI further urges the companies to report ransomware incidents to the local field office to provide information that may lead to identifying and holding ransomware attackers accountable under US law.

Lastly, consistent with information provided in a prior Matrix post about ransomware, the FBI also issued a number of recommendations, including:

• back-uping critical data offline
• ensuring copies of critical data are in the cloud or on an external hard drive or storage device
• securing back-ups and ensuring data is not accessible for modification or deletion from the system where the original data resides
• installing and regularly updating anti-virus or anti-malware software on all hosts
• using only secure networks and avoiding using public Wi-Fi networks
• using two-factor authentication for user login credentials, using authenticator apps rather than email as actors may be in control of victim email accounts and not clicking on unsolicited attachments or links in emails
• implementing least privilege for file, directory, and network share permissions