Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

FBI: Ransomware Attacks Exploit Financial Business Events

The Federal Bureau of Investigation (FBI) this week issued an industry-wide notification to raise awareness about ransomware operators leveraging information on mergers, acquisitions and stock valuations to launch extortion attacks on businesses.

The Federal Bureau of Investigation (FBI) this week issued an industry-wide notification to raise awareness about ransomware operators leveraging information on mergers, acquisitions and stock valuations to launch extortion attacks on businesses.

Ransomware actors are known for performing extensive research prior to launching an attack on victims, using publicly available information, along with material non-public data. Should the victim refrain from paying the ransom, the attackers threaten to disclose the gathered information publicly, thus attempting to extort the victim, the FBI warned.

“Ransomware actors are targeting companies involved in significant, time-sensitive financial events to incentivize ransom payment by these victims,” it added.

The FBI said ransomware victims are often carefully selected from a pool of entities  infected by an access broker with Trojan malware that is usually mass distributed.

The selection is performed based on initial reconnaissance during which non-publicly available information is identified and harvested to be used as leverage during the extortion phase.

“Impending events that could affect a victim’s stock value, such as announcements, mergers, and acquisitions, encourage ransomware actors to target a network or adjust their timeline for extortion where access is established,” according to the FBI advisory.

The Bureau also warns of incidents in which threat actors threatened to leak private data to the NASDAQ stock exchange, claiming it would affect the victim stock price.

[ READ: FBI Publishes Indicators of Compromise for Ranzy Locker Ransomware ] 

Three publicly traded U.S. companies were targeted by ransomware between March and July 2020 while they were under active mergers and acquisitions negotiations. Two of the negotiations were private.

A November 2020 analysis of Pyxie RAT, a piece of malware that often leads to Defray777/RansomEXX ransomware infections, revealed that the adversaries were searching a victim’s network for keywords related to current and near future stock share price.

Darkside ransomware operators in April 2021 posted on their blog site a message indicating interest in negatively impacting their victims’ share prices.

The FBI encourages organizations to keep their data securely backed up offline, to ensure their software is updated at all times, to employ anti-malware software, to implement a least privilege approach and network segmentation, to use two-factor authentication, and to always use secure networks for connections.

Related: FBI Publishes IOCs for Hello Kitty Ransomware

Related: FBI Publishes Indicators of Compromise for Ranzy Locker Ransomware

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Nation-State

The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.