Wed | Nov 3, 2021 | 1:58 PM PDT

There is never a good time for your organization to fall victim to a ransomware attack, but some times are certainly worse than others.

Imagine your organization has been working tirelessly on developing a new product, or planning a significant merger or acquisition that could shake up the industry, and a major public announcement is on the way. The announcement will no doubt affect the stock price and have implications as to how the future will look financially.

Everything is going smoothly right up until that announcement, when suddenly all your internal servers are encrypted and your business is crippled. You've been hit with ransomware and must decide if you want to pay cybercriminals potentially millions of dollars or watch the stock price tumble.

This is a real scenario organizations have had to deal with, which is why the Federal Bureau of Investigation (FBI) just issued a private industry notification discussing how ransomware operators utilize financial events to target victims.

Ransomware operators utilize financial events

The statement from the FBI details how ransomware actors use publicly available information, like a stock valuation, and material nonpublic information to target and leverage victim organizations.

The notification reads:

"Ransomware actors are targeting companies involved in significant, time-sensitive financial events to incentivize ransom payment by these victims."

It also mentions the specific types of financial events:

"Impending events that could affect a victim's stock value, such as announcements, mergers, and acquisitions, encourage ransomware actors to target a network or adjust their timeline for extortion where access is established."

These types of attacks targeting organizations with time-sensitive financial events began picking up traction in early 2020, when a threat actor known as "Unknown" posted on a Russian hacking forum, encouraging others to use the NASDAQ stock exchange to influence the extortion process, according to the FBI.

Soon after, three publicly traded U.S. companies, all of which were actively involved in mergers and acquisitions, fell victim to ransomware during these negotiations.

The FBI also states that in November 2020, a technical analysis of a remote access trojan (RAT) identified keyword searches on a victim's network, such as 10-q, 10-sb, n-csr, nasdaq, marketwired, and newswire, showing interest in the victim's current and future stock price.
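One way to hunt for the keyword-search behavior described above, as an added example that is not from the FBI notification or the original article: it scans process command-line events for the listed terms and alerts when one host/user pair searches for several distinct terms within a short window. The log format, host and user names, 15-minute window, and three-term threshold are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Search terms the FBI notification attributes to the RAT (taken from the article).
KEYWORDS = ["10-q", "10-sb", "n-csr", "nasdaq", "marketwired", "newswire"]
# Match a term only when it is not embedded in a longer alphanumeric token.
PATTERN = re.compile(
    r"(?<![a-z0-9])(" + "|".join(map(re.escape, KEYWORDS)) + r")(?![a-z0-9])",
    re.IGNORECASE,
)

# Constructed sample events (assumed format): timestamp|host|user|command line
SAMPLE_EVENTS = """\
2021-11-01T09:00:02|FIN-WS01|svc_backup|findstr /s /i "10-Q" D:/finance/*.txt
2021-11-01T09:03:40|FIN-WS01|svc_backup|findstr /s /i "nasdaq" D:/finance/*.txt
2021-11-01T09:07:15|FIN-WS01|svc_backup|findstr /s /i "newswire" D:/legal/*.txt
2021-11-01T10:12:00|HR-WS07|asmith|notepad D:/docs/10-q-draft.txt
2021-11-01T13:30:00|FIN-WS01|svc_backup|findstr /s /i "n-csr" D:/finance/*.txt
2021-11-01T11:00:00|DEV-WS03|bwong|grep -r nasdaqueue src/
"""

def parse(text):
    """Yield (timestamp, host, user, command) from pipe-delimited lines."""
    for line in text.strip().splitlines():
        ts, host, user, cmd = line.split("|", 3)
        yield datetime.fromisoformat(ts), host, user, cmd

def detect(text, window_minutes=15, min_distinct=3):
    """Alert when one host/user searches for several distinct terms in a window."""
    window = timedelta(minutes=window_minutes)
    hits = defaultdict(list)  # (host, user) -> [(timestamp, term)]
    for ts, host, user, cmd in parse(text):
        for m in PATTERN.finditer(cmd):
            hits[(host, user)].append((ts, m.group(1).lower()))
    alerts = []
    for (host, user), events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            seen = {term for ts, term in events[i:] if ts - start <= window}
            if len(seen) >= min_distinct:
                alerts.append((host, user, start.isoformat(), sorted(seen)))
                break  # one alert per host/user pair is enough for triage
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

A single hit on one term (the HR-WS07 line) stays below the threshold, which keeps routine handling of filings by finance or legal staff from alerting on its own.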

Then, in April 2021, Darkside operators posted this message to their blog:

"Now our team and partners encrypt many companies that are trading on NASDAQ and other stock exchanges. If the company refuses to pay, we are ready to provide information before the publication, so that it would be possible to earn in the reduction price of shares. Write to us in 'Contact Us' and we will provide you with detailed information."

How can your organization mitigate these risks?

7 FBI recommendations for defending against ransomware

While the FBI urges organizations to never pay the ransom, noting that payment only encourages the malicious behavior of hackers, it does acknowledge that executives must evaluate all options to protect their shareholders, employees, and customers.

That said, the bureau also provides recommendations to protect your organization from ransomware:

  • "Back-up critical data offline."
  • "Ensure copies of critical data are in the cloud or on an external hard drive or storage device."
  • "Secure your back-ups and ensure data is not accessible for modification or deletion from the system where the original data resides."
  • "Install and regularly update anti-virus or anti-malware software on all hosts."
  • "Only use secure networks and avoid using public Wi-Fi networks."
  • "Use two-factor authentication for user login credentials, use authenticator apps rather than email as actors may be in control of victim email accounts and do not click on unsolicited attachments or links in emails."
  • "Implement least privilege for file, directory, and network share permissions."
