FBI Warns Ransomware Actors Using Financial Events, Stock Valuation To Target Companies, Experts Weigh In

BACKGROUND:

In its November 1st notification “Ransomware Actors Use Significant Financial Events and Stock Valuation to Facilitate Targeting and Extortion of Victims,” the FBI warns: “Ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections. Prior to an attack, ransomware actors research publicly available information, such as a victim’s stock valuation, as well as material nonpublic information. If victims do not pay a ransom quickly, ransomware actors will threaten to disclose this information publicly, causing potential investor backlash.”

In response, three experts offer perspective.

Experts Comments

November 03, 2021
Todd Carroll
CISO
CybelAngel

M&As contain huge amounts of sensitive and highly valuable information and it’s important organisations have a real-world view of their own and their targets’ cybersecurity exposure, because leaking data is an accrued risk for all parties involved – one that cyber criminals will take advantage of.

Actively monitoring for data leaks, with visibility across all layers of the internet, including Connected Storage, Cloud Drives, Clear, Deep and Dark Web, Databases, Code Repositories, all outside the organization’s security perimeter, is essential. Maintaining good cyber hygiene and staying on top of security risks in a high-stakes environment is the difference in protecting against ransomware attacks, or suffering from one.

November 03, 2021
Josh Brewton
vCISO
Cyvatar

This criminal tactic is nothing new. Criminals have utilized geographic location, high social status, and evidence of big-ticket purchases to target victims. Criminals are using similar cybercrime tactics to target their next victim. These tactics ensure victims have the means to pay out a ransom and are large enough to be forced to consider the public perception of how an incident is handled. Organizations need to consider the cost of the initial ransom requested and the cost of a damaged public image or leaked proprietary information to a competitor. There are many different driving factors, but they all end at the same point: the need for a secure and resilient network utilizing defense-in-depth to minimize the possibility of such events.

November 03, 2021
Bill Lawrence
CISO
SecurityGate

Cyber criminals continue to formulate new strategies to maximize their hauls from trojan malware and ransomware attacks.  They are spending time to reconnoiter those companies that are going public, executing mergers or acquisitions, or going through other significant financial events and focusing attacks there. 

Here, companies should especially keep their guard up during these types of events and use third-party penetration testers and thorough risk assessments to try to find the security gaps and types of data that would be helpful to criminals.  They should always ensure their public-facing information is controlled carefully, while sensitive financial or other data is encrypted and backed up to another secure location.  Two-factor and multi-factor authentication can help secure vulnerable accounts.

November 03, 2021
Jack Chapman
VP of Threat Intelligence
Egress

Ransomware gangs are driven by profit and they’re always looking for new ways to 'motivate' their victims to pay. They know that the more pain and pressure they apply, the bigger the chance of success. By targeting organizations in the middle of sensitive financial events such as mergers and acquisitions, ransomware gangs expect that their attack will have greater leverage because it can negatively impact the victim’s share price. As additional leverage, the REvil ransomware gang has even gone so far as to claim they were considering adding in auto-email scripts to contact stock exchanges, making them aware of attacks to ensure the victim’s stock price is driven down. Ransomware gangs will stop at nothing to ensure their attacks succeed – and for organizations at risk of attack, that should be a big concern.

November 03, 2021
Saryu Nayyar
CEO
Gurucul

It’s no surprise that ransomware attackers follow the stock market in choosing their victims. The FBI reports that ransomware is often based on financial information published by the enterprise, coupled with insider information found once the attack has occurred. Often it is less about locking up the network than holding enterprises hostage to non-public information.

Ransomware attackers are increasingly going after profit, using their attacks to target companies who have had a run-up in their stock price, or who have received significant VC funding. These enterprises may have money to use to pay ransomware attackers based on ready cash. Attackers often find that it’s easier to pay for non-public information rather than make that information available to the world. Enterprises can be stuck between paying attackers versus making public potentially material information.

Every enterprise needs to keep financial information private. The best way to do so is to keep attackers out of your network. Failing that, you need to find and eject them before they get harmful data.

November 03, 2021
Garret F. Grajek
CEO
YouAttest

Reconnaissance is a key part of any malware attack - be it a data exfiltration attack on an enterprise or a ransomware attack on an individual. The attackers try to collect as much publicly available information on the target. And now that all entities, people and enterprises are living beings on the internet, there is much to be gathered. The key is to assume that data is being collected on the entity that wishes to stay protected - and to shore up the defenses. The key part for the individual is to limit one’s surface area of attack by streamlining accounts and access, and to implement MFA at all logons. The same goes through with enterprises with the additional task of gaining knowledge of all the user and admin accounts, since by nature the user problem is much larger for the enterprise.

November 03, 2021
Doug Britton
CEO
Haystack Solutions

Criminal organizations are realizing the ability to drive leverage in their extortion demands by targeting companies at critical inflection points in their growth. This is a strategic play on an otherwise familiar ransomware attack. Any company that doesn't prepare for this attack is risking their ability to operate or fulfill their obligation to shareholders.  The most important preventative action any company can do is invest in a cybersecurity team. This is quickly becoming table stakes in this current climate of cyber-attacks. We have the technology to find critical talent, even in a tight labor market. We need to find the next generation of cyber professionals and get them into the fight or this threat will only continue to grow.
