Ransomware Targets Companies During Mergers and Acquisitions

The Federal Bureau of Investigation (FBI) warns that ransomware gangs are targeting companies involved in “time-sensitive financial events,” such as corporate mergers and acquisitions, to make it easier to extort their victims. In a private industry notification published on Monday, the FBI said ransomware operators would use the financial information collected before attacks as leverage to force victims to comply with ransom demands. “The FBI assesses ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections,” the federal law enforcement agency said. “During the initial reconnaissance phase, cyber criminals identify non-publicly available information, which they threaten to release or use as leverage during the extortion to entice victims to comply with ransom demands,” the FBI added. “Impending events that could affect a victim’s stock value, such as announcements, mergers, and acquisitions, encourage ransomware actors to target a network or adjust their timeline for extortion where access is established.”

Analyst Notes

Ransomware criminals are opportunists who will leverage anything they can to make victims more likely to pay the ransom. Best practice is not to pay ransoms, since payment further funds the criminal ecosystem, but because of the additional actions ransomware gangs take to extort victims beyond encrypting their files, it is always best never to become a victim in the first place. Educate employees on spotting and reporting phishing emails, and use multi-factor authentication (MFA) for all remote access points, such as virtual private networks (VPNs). Beyond this, implement a good endpoint detection and response (EDR) product and have a vigilant SOC triaging alerts, or make use of a service like Binary Defense for monitoring. Always have multiple backups, including offline backups, and have a rigorous incident response plan in place.