This is the most likely time for your business to be hit by ransomware

Threat actors are going after your balance sheets, warns FBI

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The FBI has warned thatransomwaregangs are increasingly interested in attacking companies that are in the middle of “time-sensitive financial events” such as corporate mergers and acquisitions.

In the private industry notification, the FBI asserts that it has evidence that suggests the online thugs collect financial information before attacks, which they then use as leverage to extort their victims.

“Prior to an attack, ransomware actors research publicly available information, such as a victim’s stock valuation, as well as material nonpublic information. If victims do not pay a ransom quickly, ransomware actors will threaten to disclose this information publicly, causing potential investor backlash,”sharedthe FBI.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

Click here to start the survey in a new window«

Unraveling the modus operandi of such enterprising cyber criminals, the FBI says that they first sneak inmalwarethat helps them trawl the target’s computer for financially sensitive information, which can be used toarmtwist the victim into paying the ransom.

Hitting where it hurts

Impending events that could affect a victim’s stock value, such as major announcements, mergers, and acquisitions, encourage ransomware actors to target a network or adjust their timeline for extortion.

This is evidenced from the fact that most victims of these reconnaissance malware don’t actually end up being targeted by the ransomware.

The FBI shared a few incidents to back its claims. It shared that between March and July 2020, at least three publicly traded US companies that were actively involved in mergers and acquisitions were victims of ransomware during their respective negotiations.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Evidence of reconnaissance can be established from the fact that of the three pending mergers, two were under private negotiations.

In the same vein, analysis of the Pyxie remote access trojan (RAT), which often precedes the Defray777/RansomEXX ransomware attack, revealed that the attackers use the RAT to search for files and data that could help influence the victim’s current and near

future stock share price. Threats to publicly expose these files could then make the victims more pliable.

Best practices

The FBI used the notification to reiterate its position that it doesn’t condone paying ransom since it only encourages the threat actor to victimize others. However it understands how businesses that have been crippled by ransomware might not have any other option but to engage with the threat actors.

It ends the notification by listing a variety of ways businesses can protect themselves from such cyber attacks. For instance, it suggests housing copies of critical data in the cloud or on an external offline hard drive or storage device.

It also advises businesses to install and regularly updateantivirus softwareon all hosts.

Importantly, as it suggests businesses to switch to two-factor authentication (2FA), the FBI urges the use of authenticator apps rather than email, since the attackers might already have compromised the victim email accounts.

“Implement least privilege for file, directory, and network share permissions,” the FBI concludes, as it lists a few other resources to help businesses batten down the hatches.

Business should use one of thesebest firewall apps and servicesto protect their networks, and ensure their computers are running thesebest endpoint protection toolsto add another layer of defense against such cyber-attacks.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well