Ransomware criminals targeting confidential M&A data, FBI warns

Dive Brief:

  • The FBI issued a warning that cyber criminals are targeting companies engaged in major transactions such as mergers and acquisitions and extorting ransom by threatening to publicize confidential, market-moving information.
  • “Ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections,” the FBI said in a Private Industry Notification on Nov. 1.
  • Cyber criminals often use Trojan malware to research nonpublic information among a pool of companies and identify the most vulnerable and promising targets, the FBI said. “Impending events that could affect a victim’s stock value — such as announcements, mergers and acquisitions — encourage ransomware actors to target a network or adjust their timeline for extortion.”

Dive Insight:

Cyber criminals are attacking a target-rich terrain as the economic rebound from a pandemic-induced recession triggers a surge in deal-making.

Many companies seek partners or buyers while struggling to recover from months of lockdowns and supply chain disruptions. Record fiscal and monetary stimulus has pushed up liquidity, and private equity firms hold abundant “dry powder.”

The value of worldwide M&A activity hit a record $4.4 trillion during the first nine months of 2021, according to Refinitiv. U.S. deal-making valuation rose 139% during the period to $2 trillion, or 45% of the global total.

“Activity is surging as companies use M&A to manage the still-unpredictable economic effects of the COVID-19 pandemic and find their strategic footing,” according to research by McKinsey. “They are pursuing deals to streamline their assets, establish or extend their digital capabilities, acquire top talent and otherwise strengthen their competitive positions.”

Hackers exploit their victim’s concern that company stock valuation will slump, the FBI said. “If victims do not pay a ransom quickly, ransomware actors will threaten to disclose this information publicly, causing potential investor backlash.”

Ransomware attacks hit at least three publicly traded U.S. companies negotiating M&As from March…