New reports are published by the FBI pertaining to ransomware groups observed to exploit special financial events to perform their attacks. The ransomware threat groups use financial events such as acquisitions and mergers to target institutions and compel them to pay ransom demands.
The FBI stated that ransomware groups research and acquire the victim’s publicly available data before executing an attack. The information includes victims’ stock valuation and their material non-public information. The information the threat actors hold will be used as bait for victims to pay the ransom demands immediately. And if they don’t, victims will be threatened about having their data be leaked to the public, resulting in backlashes of investors.
Furthermore, these ransomware groups like to target firms participating in time-sensitive financial events because there are higher chances of the ransom being paid.
Ransomware groups can extensively distribute malware; however, the FBI notes that some threat groups also carefully choose victims based on the data they have gathered and stolen during the first stages of intrusions.
Some instances also include ransomware groups urging their fellow threat actors to use NASDAQ stock exchange services as a forefront during extortion.
Concerning this, the FBI has discovered a direct quote from one ransomware group as it negotiated with a victim last year. The threat actor said they are aware of the victim owning stock, and if they do not comply with the ransom demands, the victim’s data will be leaked to NASDAQ that will endanger their stock.
From March to July of last year, the FBI has recorded about three US companies suffered from a ransomware attack while they were in the process of acquisition and merger. Two out of the three companies have negotiated with the threat group privately.
Last April, the DarkSide ransomware group has also shared a message saying that their group and affiliates are encrypting institutions that trade on NASDAQ and other stock exchanges.
Security experts say that ransomware groups will consume every advantage they can find to execute attacks, such as promoting themselves on Twitter, doing press releases, and more. Furthermore, they stated that threat groups have been enhancing their tactics to progress their attacks, and there is no saying that it can be stopped any time soon.