Companies planning big financial moves should be on guard for ransomware attacks, the FBI warned in an alert on Monday.
Ransomware hackers are “very likely” timing attacks to coincide with financial events, according to the alert, and will threaten to wreak havoc with investors if the victims don’t pay.
In order to pull off the targeted attacks, scammers first identify information that could threaten a victim’s stock value. For instance, between March 2020 and July 2020 two companies under private merger negotiations were infected with ransomware. The FBI also found that a hacking tool popular with ransomware actors was programmed with keyword searches related to stock prices, indicating that attackers were looking for specific information to leverage.
In April, the ransomware group known as DarkSide, which the FBI blamed for the Colonial Pipeline attack, detailed its efforts to go after victims actively trading on NASDAQ and other stock exchanges. “If the company refuses to pay, we are ready to provide information before the publication, so that it would be possible to earn in the reduction price of shares,” the group wrote on its blog.
The FBI does not encourage the payment of ransom and encourages victims to report attacks to U.S. law enforcement.
Some research indicates that ransomware attacks may not budge stock prices as much as cybercriminals think. Researchers from Comparitech found that while share prices plummet an average of 22% immediately after an attack most stock prices bound back within 10 days.