The FBI has released a new report saying ransomware groups are increasingly using “significant financial events” as leverage during their attacks.
According to the FBI, ransomware groups are using events like mergers and acquisitions to target companies and force them into paying ransoms.
“Prior to an attack, ransomware actors research publicly available information, such as a victim’s stock valuation, as well as material nonpublic information. If victims do not pay a ransom quickly, ransomware actors will threaten to disclose this information publicly, causing potential investor backlash,” the FBI wrote.
“Ransomware actors are targeting companies involved in significant, time-sensitive financial events to incentivize ransom payment by these victims. Ransomware is often a two-stage process beginning with an initial intrusion through a trojan malware, which allows an access broker to perform reconnaissance and determine how to best monetize the access.”
The FBI noted that while ransomware groups indiscriminately distribute malware, they often carefully select their victims based on the information they get from initial intrusions.
The gangs search for non-public information and then threaten companies by saying they will release the documents ahead of important financial events, hoping the pressure will prompt victims to pay ransoms.
The groups look for data or information that they know will