FBI Warns Ransomware Actors Using Financial Events, Stock Valuation To Target Companies, Experts Weigh In

By   ISBuzz Team
Writer , Information Security Buzz | Nov 03, 2021 03:27 am PST


In its November 1st notification Ransomware Actors Use Significant Financial Events and Stock Valuation to Facilitate Targeting and Extortion of Victims, the FBI warns: “Ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections. Prior to an attack, ransomware actors research publicly available information, such as a victim’s stock valuation, as well as material nonpublic information. If victims do not pay a ransom quickly, ransomware actors will threaten to disclose this information publicly, causing potential investor backlash.”

In response, three experts offer perspective.

Notify of
7 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Jack Chapman
Jack Chapman , VP of Threat Intelligence
November 3, 2021 11:51 am

<p>Ransomware gangs are driven by profit and they’re always looking for new ways to \’motivate\’ their victims pay. They know that the more pain and pressure they apply, the bigger the chance of success. By targeting organizations in the middle of sensitive financial events such as mergers and acquisitions, ransomware gangs expect that their attack will have greater leverage because it can negatively impact the victim’s share price. As additional leverage, the REvil ransomware gang has even gone so far as to claim they were considering adding in auto-email scripts to contact stock exchanges, making them aware of attacks to ensure the victim’s stock price is driven down. Ransomware gangs will stop at nothing to ensure their attacks succeed – and for organizations at risk of attack, that should be a big concern.</p>

Last edited 2 years ago by Jack Chapman
Todd Carroll
Todd Carroll , CISO
November 3, 2021 11:49 am

<p><span lang=\"EN-US\">M&amp;A’s contain huge amounts of sensitive and highly valuable information and it’s important <wbr />organisations have a real-world view of their own and their targets cybersecurity exposure, because leaking data is an accrued risk for all parties involved – one that cyber criminals will take advantage of. </span> <u></u><u></u> <u></u><u></u></p>
<p><span lang=\"EN-US\">Actively monitoring for data leaks, with visibility across all layers of the internet, including Connected Storage, Cloud Drives, Clear, Deep and Dark Web, Databases, Code Repositories all outside the organization’s security perimeter, is essential. Maintaining good cyber hygiene and staying on top of security risks in a high-stakes environment is the difference in protecting <wbr />against ransomware attacks, or suffering from one.</span></p>

Last edited 2 years ago by Todd Carroll
Saryu Nayyar
Saryu Nayyar , CEO
November 3, 2021 11:42 am

<p>It’s no surprise that ransomware attackers follow the stock market in choosing their victims. The FBI reports that ransomware is often based on financial information published by the enterprise, coupled with insider information found once the attack has occurred. Often it is less about locking up the network than holding enterprises hostage to non-public information.</p>
<p>Ransomware attackers are increasingly going after profit, using their attacks to target companies who have had a run-up in their stock price, or who have received significant VC funding. These enterprises may have money to use to pay ransomware attackers based on ready cash. Attackers often find that it’s easier to pay for non-public information rather than make that information available to the world. “Enterprises can be stuck between paying attackers versus making public potentially material information.</p>
<p>Every enterprise needs to keep financial information private. The best way to do so is to keep attackers out of your network. Failing that, you need to find and eject them before they get harmful data.</p>

Last edited 2 years ago by Saryu Nayyar
Garret F. Grajek
November 3, 2021 11:41 am

<p>Reconnaissance is a key part of any malware attack – be it a data exfiltration attack on an enterprise or a ransomware attack on an individual. The attackers try to collect as much publicly available information on the target. And now that all entities, people and enterprises are living beings on the internet, there is much to be gathered. The key is to assume that data is being collected on the entity that wishes to stay protected – and to shore up the defenses. The key part for the individual are to limit ones surface area of attack by streamlining accounts and access, and to implement MFA at all logons. The same goes through with enterprises with the additional task of gaining knowledge of all the user and admin accounts, since by nature the user problem is much larger for the enterprise.</p>

Last edited 2 years ago by Garret F. Grajek
Josh Brewton
Josh Brewton , vCISO
November 3, 2021 11:39 am

<p>This criminal tactic is nothing new. Criminals have utilized geographic location, high social status, and evidence of big-ticket purchases to target victims. Criminals are using similar cybercrime tactics to target their next victim. These tactics ensure victims have the means to pay out a ransom and are large enough to be forced to consider the public perception of how an incident is handled. Organizations need to consider the cost of the initial ransom requested and the cost of a damaged public image or leaked proprietary information to a competitor. There are many different driving factors, but they all end at the same point; the need for a secure and resilient network utilizing defense-in-depth to minimize the possibility of such events.</p>

Last edited 2 years ago by Josh Brewton

Recent Posts

Would love your thoughts, please comment.x