Ransomware Gangs Target Corporate Financial Activities

2021-11-02 20:17

Ransomware gangs are zeroing in on publicly held companies with the threat of financial exposure in an effort to encourage ransom payments, the FBI is warning.

In an alert issued this week [PDF], the Bureau said that activity over the course of the past year shows a trend toward targeting companies when they're coming up to "Significant, time-sensitive financial events," such as quarterly earnings reports and mandated SEC filings, initial public offerings, M&A activity, and so on.

Last year, the ransomware actor who goes by the handle "Unknown" appeared to mastermind the approach, suggesting in the Exploit Russian hacking forum that a good way to sway targets to succumb to ransom demands is by referencing their corporate presence on the NASDAQ stock exchange.

Some were following the advice: "Following this posting, unidentified ransomware actors negotiating a payment with a victim during a March 2020 ransomware event stated, 'We have also noticed that you have stocks. If you will not engage us for negotiation, we will leak your data to the nasdaq [sic] and we will see what's gonna [sic] happen with your stocks,'" according to the alert.

At least three publicly traded U.S. companies actively involved in M&A negotiations were hit with ransomware.

Bill Lawrence, CISO at SecurityGate, noted that companies should now be on high alert when going public, executing mergers or acquisitions, or going through other significant financial events - and should tightly control information, including public information.

News URL

https://threatpost.com/ransomware-corporate-financial/175940/

#financial #ransomware