Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

FBI: Ransomware Attacks Exploit Financial Business Events

The Federal Bureau of Investigation (FBI) this week issued an industry-wide notification to raise awareness about ransomware operators leveraging information on mergers, acquisitions and stock valuations to launch extortion attacks on businesses.

The Federal Bureau of Investigation (FBI) this week issued an industry-wide notification to raise awareness about ransomware operators leveraging information on mergers, acquisitions and stock valuations to launch extortion attacks on businesses.

Ransomware actors are known for performing extensive research prior to launching an attack on victims, using publicly available information, along with material non-public data. Should the victim refrain from paying the ransom, the attackers threaten to disclose the gathered information publicly, thus attempting to extort the victim, the FBI warned.

“Ransomware actors are targeting companies involved in significant, time-sensitive financial events to incentivize ransom payment by these victims,” it added.

The FBI said ransomware victims are often carefully selected from a pool of entities  infected by an access broker with Trojan malware that is usually mass distributed.

The selection is performed based on initial reconnaissance during which non-publicly available information is identified and harvested to be used as leverage during the extortion phase.

“Impending events that could affect a victim’s stock value, such as announcements, mergers, and acquisitions, encourage ransomware actors to target a network or adjust their timeline for extortion where access is established,” according to the FBI advisory.

The Bureau also warns of incidents in which threat actors threatened to leak private data to the NASDAQ stock exchange, claiming it would affect the victim stock price.

[ READ: FBI Publishes Indicators of Compromise for Ranzy Locker Ransomware ] 

Three publicly traded U.S. companies were targeted by ransomware between March and July 2020 while they were under active mergers and acquisitions negotiations. Two of the negotiations were private.

A November 2020 analysis of Pyxie RAT, a piece of malware that often leads to Defray777/RansomEXX ransomware infections, revealed that the adversaries were searching a victim’s network for keywords related to current and near future stock share price.

Darkside ransomware operators in April 2021 posted on their blog site a message indicating interest in negatively impacting their victims’ share prices.

The FBI encourages organizations to keep their data securely backed up offline, to ensure their software is updated at all times, to employ anti-malware software, to implement a least privilege approach and network segmentation, to use two-factor authentication, and to always use secure networks for connections.

Related: FBI Publishes IOCs for Hello Kitty Ransomware

Related: FBI Publishes Indicators of Compromise for Ranzy Locker Ransomware

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Protection

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...