Skip to main content
close search
site logo
Dive Brief

Ransomware actors attempt to toy with stock valuation, disrupt M&A, FBI says

Published Nov. 3, 2021
David Jones's headshot
Reporter
A picture of the street sign stating "Wall Street." American flags drape over a nearby building
Kena Betancur via Getty Images

Dive Brief:

  • Threat actors are leveraging time-sensitive information about potential mergers and acquisitions — as well as stock valuations — to try and force companies to make rapid payments in a ransomware extortion, the FBI said Monday. The agency cited several prior instances since early 2020, where such attempts were made against companies using publicly available, and some closely held, information.
  • The FBI cited several specific attacks over the period, including threats made against three publicly traded companies involved in separate M&A talks between March and July 2020. In two of the three instances, the merger talks were still private. 
  • In a separate incident during April 2021, the DarkSide ransomware group posted a message on their website mentioning a desire to influence the share price of a targeted company. "If the company refuses to pay, we are ready to provide information before the publication, so that it would be possible to earn in the reduction price of shares," Darkside actors said, according to the FBI.

Dive Insight:

The FBI urged companies to back up critical data and make sure any backups were disconnected from a network or protected enough to make sure the stored information could not be manipulated or deleted. Companies should also implement two-factor authentication and implement least-privilege administrative access, the FBI said. 

The FBI's findings echo what analysts have seen, according to Jon Amato, senior research director at Gartner. Ransomware actors, so called "hackerpreneurs," are using alternative means to increase pressure on target companies to make it more likely they will pay quickly. 

"The threat of disclosure of sensitive information has been a particularly effective technique, as it effectively counters some of the commonly accepted response techniques organizations have used as a defense against ransomware — in this case, data recovery/restoration from backup." Amato said via email.

The decision on whether to move forward with a ransom payment like this will ultimately fall to senior executives and the board of directors at a company, according to Amato. One potential risk of paying off the threat actors however, is there is no guarantee they won’t try a second or third attempt. 

The ultimate goal of ransomware criminals is to bring in as much money as possible, according to Allie Mellen, analyst, security & risk at Forrester.

"Ultimately, targeting organizations with valuable, timely and private information is to their benefit, especially if they want to get ransom and extortion payments as quickly as possible," Mellen said. 

Mellen said companies need to take the initial steps that everyone should take to deter these kinds of attacks: implement multifactor authentication, push for the use of strong passwords, don’t click on suspicious links and make sure the IT team has safe and secure data backups. 

As part of the alert, the FBI reiterated it does not encourage making a payment, because there is no guarantee another ransom won’t be attempted. The FBI however conceded that in some cases businesses are faced with the risk of not being able to function if they hold firm against the threat.

Filed Under: Threats

Editors' picks

Company Announcements

View all | Post a press release
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Threats
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell