- Threat actors are leveraging time-sensitive information about potential mergers and acquisitions — as well as stock valuations — to try to force companies to make rapid payments in a ransomware extortion, the FBI said Monday. The agency cited several prior instances since early 2020 in which such attempts were made against companies using publicly available, and some closely held, information.
- The FBI cited several specific attacks over the period, including threats made against three publicly traded companies involved in separate M&A talks between March and July 2020. In two of the three instances, the merger talks were still private.
- In a separate incident during April 2021, the DarkSide ransomware group posted a message on their website mentioning a desire to influence the share price of a targeted company. "If the company refuses to pay, we are ready to provide information before the publication, so that it would be possible to earn in the reduction price of shares," DarkSide actors said, according to the FBI.
The FBI urged companies to back up critical data and to keep any backups either disconnected from the network or protected well enough that the stored information cannot be manipulated or deleted. Companies should also implement two-factor authentication and least-privilege administrative access, the FBI said.
The FBI's findings echo what analysts have seen, according to Jon Amato, senior research director at Gartner. Ransomware actors, so-called "hackerpreneurs," are using alternative means to increase pressure on target companies to make it more likely they will pay quickly.
"The threat of disclosure of sensitive information has been a particularly effective technique, as it effectively counters some of the commonly accepted response techniques organizations have used as a defense against ransomware — in this case, data recovery/restoration from backup," Amato said via email.
The decision on whether to move forward with a ransom payment like this will ultimately fall to senior executives and the board of directors at a company, according to Amato. One potential risk of paying off the threat actors, however, is that there is no guarantee they won’t try a second or third attempt.
The ultimate goal of ransomware criminals is to bring in as much money as possible, according to Allie Mellen, analyst, security & risk at Forrester.
"Ultimately, targeting organizations with valuable, timely and private information is to their benefit, especially if they want to get ransom and extortion payments as quickly as possible," Mellen said.
Mellen said companies need to take the initial steps that everyone should take to deter these kinds of attacks: implement multifactor authentication, push for the use of strong passwords, don’t click on suspicious links and make sure the IT team has safe and secure data backups.
As part of the alert, the FBI reiterated it does not encourage making a payment, because there is no guarantee another ransom won’t be attempted. The FBI, however, conceded that in some cases businesses are faced with the risk of not being able to function if they hold firm against the threat.