Inside Information: Ransomware Targets Corporate Finance

Uploaded on 2021-11-10 in FREE TO VIEW, BUSINESS-Services-Financial, TECHNOLOGY--Hackers

The US Federal Bureau of Investigation (FBI) has released an advisory with a warning about how ransomware gangs are threatening to wipe out share prices for publicly held companies. 

Ransomware gangs infiltrate publicly owned companies by threatening financial exposure in an effort to promote ransom payments according to the warning.

The FBI says that ransomware criminals are likely using information on mergers, acquisitions and stock valuations to threaten vulnerable corporate targets.

The FBI says that cyber criminals try to find non-public information when targeting companies involved in major financial events, which they can threaten to publish if their ransom demand is not paid. “During the initial reconnaissance phase, cyber criminals identify non-publicly available information, which they threaten to release or use as leverage during the extortion to entice victims to comply with ransom demands... Impending events that could affect a victim’s stock value, such as announcements, mergers, and acquisitions, encourage ransomware actors to target a network or adjust their timeline for extortion where access is established,” the FBI says in the newly published advisory.

Ransomware Gangs Often Use Double Extortion Tactics To Threaten Victims

The new extortion tactic consists of cyber criminals targeting businesses when they are approaching significant and time-sensitive financial events, such as quarterly earnings reports or initial public offerings. The criminals attempt to increase the likelihood that the company will pay the ransom by threatening to leak stolen information relevant to the upcoming events if the victim fails to pay.

  • In addition to file encryption, sensitive data are stolen and a threat is issued to sell or publish the data if the ransom is not paid. Ransomware gangs conduct extensive research on their victims before launching an attack, which includes gathering publicly available data and nonpublic material. 
  • The attacks are then timed to coincide with the release of quarterly earnings reports, SEC filings, initial public offerings, and merger and acquisition activity, with the release of information having the potential to significantly affect the victim’s stock value.

In the alert, the Bureau said that activity over the course of the past year shows a trend toward targeting companies when they’re coming up to “significant, time-sensitive financial events,” such as quarterly earnings reports and mandated SEC filings, initial public offerings and M&A activity

Criminal organisations are starting to recognise the ability to drive leverage in their extortion demands by targeting companies at critical points. This creates a new twist to ransomware attacks and may make cyber criminals more successful in obtaining payouts. 

The targeting of information specifically damaging to share price isn’t the only emerging ransomware trend. Recently, the FBI said that the 'Hello Kitty' group of cyber criminals  has added the threat of distributed denial of service (DDoS) attacks to its mix of “persuasion” tactics. The 'Hello Kitty' actors aggressively apply pressure to victims typically using the double extortion technique,” the FBI warned, referring to the double-whammy of encrypting files and exfiltrating information to make public if ransoms aren’t paid.  "In some cases, if the victim does not respond quickly or does not pay the ransom, the threat actors will launch a DDoS attack on the victim company’s public-facing website.”

Hello Kitty typically tailors its ransom demands to targets, and is known for using compromised credentials or known vulnerabilities in security software like SonicWall products for initial access to corporate networks. Last year, a ransomware actor called 'Unknown' appeared to be the first to use the approach, boasting on a Russian hacking forum that a good way to sway targets to pay up ransom demands is by referencing their corporate presence on the NASDAQ stock exchange.

The FBI advises against paying  ransom to criminals as thet consider this will only encourage them to target other victims. 

The FBI advisory reports that between March and July 2020, "at least three publicly traded US companies actively involved in mergers and acquisitions were victims of ransomware during their respective negotiations." According to the FBI, out of the three companies, only one of the negotiations was public knowledge. 

Paying the ransom does not guarantee a victim’s files will be recovered, although the FBI says that it understands when businesses are faced with an inability to function, corporate leaders will take all options into account to protect their shareholders and customers interests.

The FBI urges victims to report ransomware incidents and to provide law enforcement investigators with the critical information they need to track ransomware attackers, to hold them legally accountable and prevent future attacks. 

FBI:    Oodaloop:   Threatpost:   Techtarget:    ITSecurity Wire:     HIPPA:      Techcrunch:     

You Might Also Read: 

Directors Must Understand Their Organisation’s Cyber Risks: (£)

 

« The Value Of Network Pen Testing To Reduce Cyber Attacks
REvil Ransomware Gang Leaders Arrested in Poland »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Virtustream

Virtustream

The Virtustream Enterprise Class Cloud provides a secure, highly available, Infrastructure as a Service (IaaS) to enterprises and government customers.

Northwave

Northwave

Northwave offers an Intelligent combination of cyber security services to protect your information.

Sepior

Sepior

Our vision is to make Sepior the leading provider of cloud-encryption software in the world.

International Federation of Robotics (IFR)

International Federation of Robotics (IFR)

The International Federation of Robotics connects the world of robotics around the globe. Our members come from the robotics industry, industry associations and research & development institutes.

Nexis

Nexis

Nexis GmbH is a German IT security company specializing in IAM, access control, and risk management.

Risk Ident

Risk Ident

RISK IDENT specializes in supporting enterprises in identifying and preventing criminal activity like payment fraud, account takeovers and identity theft.

Cyber Security Education

Cyber Security Education

CybersecurityEducation.org is an online directory of cyber security education and careers.

National Accreditation Agency of Ukraine (NAAU)

National Accreditation Agency of Ukraine (NAAU)

NAAU is the national accreditation body for Ukraine. The directory of members provides details of organisations offering certification services for ISO 27001.

Munich Re

Munich Re

Munich Re is a leading global provider of reinsurance, primary insurance and insurance-related risk solutions including Cyber.

FortifyData

FortifyData

FortifyData is the next generation of cyber risk management–a comprehensive platform that continuously evaluates your third-party, internal and people risks.

Inpher

Inpher

Inpher has pioneered cryptographic Secret Computing® that enables advanced analytics and machine learning while keeping data private, secure, and distributed.

FCI

FCI

FCI is a NIST-Based Managed Security Service Provider (MSSP) offering Cybersecurity Compliance Enablement Technologies & Services to Financial Services organizations.

Domotz

Domotz

Domotz enables IT teams to monitor and manage their networks remotely, while ensuring that the security and the operational efficiency of their organizations are properly maintained.

Somos

Somos

From voice to messaging to fraud prevention and beyond, Somos are committed to developing innovative solutions that ensure that our ability to maintain trustworthy connections never stops.

Digital Twin Consortium (DTC)

Digital Twin Consortium (DTC)

Digital Twin Consortium is a global ecosystem of users who are driving best practices for digital twin usage and defining requirements for new digital twin standards.

OmniSecuritas Technologies

OmniSecuritas Technologies

Omnisecuritas assists businesses in maintaining secure and resilient operations by providing comprehensive, affordable, turnkey cybersecurity products and services to businesses of all sizes.