This is the most likely time for your business to be harmed by ransomware

The FBI has warned that ransomware gangs are increasingly interested in targeting companies that are in the middle of "urgent financial events" such as corporate mergers and acquisitions. In a private industry advisory, the FBI says it has evidence that online thugs collect financial information before their attacks and then use it as leverage to extort their victims. “Prior to an attack, ransomware actors seek free information in the public, such as an assessment of a victim's actions, such as essential non-public information. If victims do not pay a ransom promptly, ransomware actors will threaten to publicly disclose this information, leading to potential backlash from investors,” the FBI stated. Describing the modus operandi of these enterprising cybercriminals, the FBI says they first plant malware that helps them search the target's computer for sensitive financial information, which can then be used to coerce the victim into paying the ransom.

Hit where it hurts

Upcoming events that could affect a victim's stock value, such as critical announcements, mergers and acquisitions, prompt ransomware actors to target a network or adjust their extortion schedule. This is borne out by the fact that most victims of this reconnaissance malware do not end up being attacked with ransomware. The FBI has shared certain incidents to support its claims. It stated that between March and July 3, at least 3 publicly traded US companies that were actively involved in mergers and acquisitions fell victim to ransomware during their respective negotiations. Evidence of reconnaissance can be seen in the fact that of the 2 ongoing mergers, 777 were under private negotiation. Similarly, analysis of the Pyxie Remote Access Trojan (RAT), which often precedes Defray777 / RansomEXX ransomware attacks, found that attackers use the RAT to search for files and data that could help influence the victim's current and near-future course of action. Threats to publicly expose these files could make victims more compliant.

Better Practices

The FBI used the notification to repeat its position that it does not endorse paying a ransom, as doing so only encourages the threat actor to victimize others. However, it understands that companies crippled by ransomware may have no choice but to engage with threat actors.

The notification ends by listing several ways in which companies can protect themselves against such cyber attacks. For example, it suggests storing copies of critical data in the cloud or on an external hard drive or offline storage device. It also recommends that companies install and regularly update antivirus software on each and every host. Notably, in suggesting that companies move to 2-factor authentication (2FA), the FBI promotes the use of authenticator applications instead of email, since the attackers may already have compromised the victims' email accounts. "Implement least privilege for permissions on files, directories, and network shares," the FBI concludes, as it lists other resources to help companies batten down the hatches. Companies should also use a firewall to secure their networks and run endpoint protection tools on their computers to add another layer of defense against such cyberattacks.