Recent Posts

Popular Topics



Legal developments in data, privacy, cybersecurity, and other emerging technology issues

The FBI Warns M&A Participants on the Increasing Ransomware Threat

Last week, the Federal Bureau of Investigation issued a private industry notification warning that “ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections.” The FBI cautioned that ransomware attackers research publicly available information and target companies involved in significant, time-sensitive financial dealings such as M&A and other transactions. This initial reconnaissance, according to the FBI, is later followed by a ransomware attack and a subsequent threat that unless the victim pays the ransom, the attackers will disclose the information publicly, causing potential investor backlash and affecting the victim’s stock value.

The FBI cites an example in which unidentified attackers threatened the victim that “[i]f you will not engage us for negotiation we will leak your data to the nasdaq and we will see what’s gonna (sic) happen with your stocks.” Another example includes three publicly traded companies that became victims of ransomware while actively involved in mergers and acquisitions during their respective negotiations.

While the FBI notification does not encourage paying a ransom to criminal actors, the FBI acknowledges that victims faced with an inability to function will evaluate all options to protect their shareholders, employees, and customers. The FBI further urges the companies to report ransomware incidents to the local field office to provide information that may lead to identifying and holding ransomware attackers accountable under US law.

Lastly, consistent with information provided in a prior Matrix post about ransomware, the FBI also issued a number of recommendations, including:

  • back-uping critical data offline
  • ensuring copies of critical data are in the cloud or on an external hard drive or storage device
  • securing back-ups and ensuring data is not accessible for modification or deletion from the system where the original data resides
  • installing and regularly updating anti-virus or anti-malware software on all hosts
  • using only secure networks and avoiding using public Wi-Fi networks
  • using two-factor authentication for user login credentials, using authenticator apps rather than email as actors may be in control of victim email accounts and not clicking on unsolicited attachments or links in emails
  • implementing least privilege for file, directory, and network share permissions
Topics: M&A, Ransomware
  • Steven M. Wernikoff

    Steve Wernikoff is a litigation and compliance partner who co-leads the Data, Privacy, and Cybersecurity practice and the Autonomous Vehicle group. As a previous senior enforcement attorney at the Federal Trade Commission's ...

Jump to Page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.