Venture funds (VC) are low-hanging fruit for smart cybercriminals who aptly exploit this weakest link of the supply chain. Prominent startups and even leading technology companies share a great wealth of highly confidential data with VCs, spanning from their financial performance or per-client spending to intellectual property and trade secrets. Very few VCs can afford a cyber-defense program comparable to the banking industry for example. The human factor also plays a decisive role, while the high turnover of junior analysts and interns exacerbate the risk of successful phishing and social engineering attacks.

Worse, many funds compile the data received from startups in unprotected archives, aggregating terabytes of confidential documents. Not infrequently this data is shared among external entities or other VCs. Cybercriminals that target unprepared VCs undertake their best efforts to remain in stealth mode and keep control over the infrastructure to continue receiving even more data. Hopefully, this ransomware incident will raise cybersecurity awareness among VCs who will pay more attention and allocate more budgets to their own cybersecurity. Startups should ascertain that VCs have an adequate data protection program prior to sharing any sensitive information with potential investors.