Federal agencies are warning businesses and consumers of heightened ransomware risks. On November 1, 2021, the FBI issued a Private Industry Notification, warning businesses that ransomware actors are using significant financial events, such as mergers and acquisitions (“M&A”), to target victims for ransomware infections.
Ransomware is often a two-step process whereby hackers infiltrate a system via malware, and then identify and hold non-public information captive, seeking a ransom in exchange for the release of the information. The FBI warns that hackers research publicly available information, such as a victim’s stock valuation and recent M&A transactions, to gain entry into the business’s network. Events that may impact the victim’s stock price, such as an M&A announcement, can encourage ransomware attackers to target a business.
According to the FBI, between March and July 2020, at least three publicly traded US companies actively involved in M&A transactions were the victims of ransomware attacks during their respective negotiations.
Most recently, on November 22, 2021, the Cybersecurity and Infrastructure Security Agency (“CISA”) and the FBI issued an advisory, reminding people to be on alert for ransomware attacks and other cybersecurity attacks during the holiday season.
“Although neither CISA nor the FBI currently have identified any specific threats, recent 2021 trends show malicious cyber actors launching serious and impactful ransomware attacks during holidays and weekends, including Independence Day and Mother’s Day weekends,” the advisory says.
To help protect against ransomware attacks and decrease the severity of their impact, businesses should:
The Corporate and Litigation Groups at Levenfeld Pearlstein are available to assist with any cybersecurity issues you may have. We would be happy to review your existing privacy, security, or cyberinsurance policies and assist with drafting any necessary updates as well. Please don’t hesitate to reach out.