Menu
On Monday 1st of November 2021, the United States Federal Bureau of Investigation (FBI) released a TLP: WHITE private industry notification where they warned that threat actors from ransomware gangs are starting to target companies that involved in significant, time-sensitive financial events like corporate mergers and acquisitions in the hope that these events will encourage these target companies to pay the ransom payment.
As most ransomware gangs switched to the double extorsion model where ransomware gangs will encrypt files and steals data, before demanding a ransom payment and using the threat of publishing the stolen data as an incentive to pay the ransom, a key component of their operations is the initial reconnaissance where the threat actors will look to identify confidentially information and will steal it for leverage during extortion.
Now there is a risk of ransomware gangs using the information around financial events like mergers to encourage the payment of ransoms as confidentially information about those kinds of events could affect a victim’s stock value. The FBI then went onto highlight several incidents that have involved ransomware groups which have used inside or public info of key financial events to target possible vulnerable companies.
NCSC Threat Reports Feed© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.
