According to the FBI, ransomware gangs are targeting organizations involved in “time-sensitive financial events” like corporate mergers and acquisitions to blackmail their victims easily.
In a confidential sector notice issued on Monday, the FBI warned ransomware operators would use financial information obtained before cyberattacks as leverage to coerce victims to comply with ransom demands.
According to the FBI, ransomware perpetrators are very likely targeting and leveraging victim firms for ransomware attacks through important financial events such as mergers and acquisitions.
The FBI further said that cybercriminals uncover non-publicly available information during the first reconnaissance phase. They threaten to disclose or use as leverage throughout the extortion to induce victims to comply with ransom demands.
Announcements, mergers, and acquisitions, which might impact a victim’s stock value, incentivize ransomware criminals to target a network or change their timeframe for extortion once access is achieved.
The FBI states that paying a ransom to ransomware gangs is not encouraged and that enterprises should avoid doing so since there is no guarantee that doing so will protect them against data breaches or future attacks.
Paying ransoms encourages ransomware criminals to target even more victims and encourages other cybercrime gangs to follow their tracks and join them in their illicit activities.
On the other hand, the FBI understands the financial impact of a ransomware strike on a company, as executives may be compelled to contemplate paying a ransomware actor to safeguard shareholders, customers, or staff. The FBI highly advises that such events be reported to their local FBI field office.
The FBI also supplied tools to assist system administrators and cybersecurity experts in protecting networks against ransomware attacks.