The FBI has issued a warning about ransomware groups targeting businesses involved in time-sensitive financial events, such as mergers and acquisitions, for their extortion attempts.

What's happening?

It is a well-known fact that significant events such as announcements, mergers, and acquisitions have high chances to affect an organization's prestige as well as stock value.
  • In an alert published by the FBI, the agency claims that ransomware groups would use the financial information obtained before the attacks as leverage to force the victims to agree to ransom demands.
  • In the initial reconnaissance phase, the ransomware operators may look for private and non-publicly available sensitive information to use during extortion.
  • Once inside the network, ransomware operators time their attempt to to sync their extortion with such events to put more pressure on the victims when they are in the middle of a deal.

Ransomware impacting the stock price 

Ransomware groups sending threatening to impact victim organization stock value is not a new thing. This has been observed in the past.
  • The DarkSide ransomware group had threatened to share insider details on businesses trading on NASDAQ or other stock markets.
  • Last year, the REvil group claimed to consider adding an auto-email script that would reach stock exchanges to let them know that businesses are hit by ransomware and it may impact their stock price.


Several ransomware groups are innovating with various tactics in an attempt to put pressure on their victims and extort ransom. In the coming months, this tactic may be adopted by other ransomware groups as well. Organizations are suggested to prepare adequate security measures such as taking frequent data backups and implementing a robust patch management system to withstand threatening ransomware attacks.

Cyware Publisher