FBI Issues Warning That M&A Transactions at Risk for Ransomware Attacks

On November 1, 2021, the FBI issued a Private Industry Notification, warning companies that “ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections.”

The Notification warned that ransomware threat actors have been found to be researching publicly available information to identify targets that they believe may be looking for “time-sensitive financial events” — such as a Merger and Acquisition Transaction (M&A) and then using what is commonly known in the cybersecurity industry as “Trojan malware” to infiltrate your computer systems and private company information and determine “how to best monetize the access.”

After accessing all of your private information, the threat actors identify the plans and strategies of your company that would be detrimental to the targeted financial event if made public and attempt to extort money from your company to prevent the publication.

To ward against these attacks, the FBI provides the following recommendations:

• Back-up critical data offline;

• Ensure copies of critical data are in the cloud or on an external hard drive or storage device;

• Secure your back-ups and ensure data are not accessible for modification or deletion from the system in which the original data reside;

• Install and regularly update anti-virus or anti-malware software on all hosts;

• Only use secure networks and avoid using public Wi-Fi networks;

• Use two-factor authentication for user login credentials, use authenticator apps rather than email as actors may be in control of victim email accounts, and do not click on unsolicited attachments or links in emails; and

• Implement “least privilege” status for file, directory, and network share permissions.