Ransomware gangs leaking sensitive financial information to extort organizations

Image: Getty Images/iStockphoto

Ransomware operators volition stoop to immoderate maneuver indispensable to effort to unit their victims to acquiesce to the ransom demands. One fashionable maneuver is treble extortion successful which the attackers endanger to people the stolen information unless the ransom is paid. Now immoderate transgression gangs person devised a twist connected that benignant of ploy. In a new study published Monday, the FBI warns of attacks successful which ransomware groups volition leak delicate accusation that could interaction a company's banal terms if the ransom goes unpaid.

SEE: Infographic: The 5 phases of a ransomware attack (TechRepublic)

Before launching an existent attack, ransomware operators volition probe the intended unfortunate to find nationalist and nonpublic accusation that they tin leverage. Such accusation could see details astir impending mergers oregon acquisitions and different delicate concern oregon fiscal actions.

Unless the ransom is paid pursuing the attack, the criminals endanger to leak this accusation publicly, thereby affecting the banal terms oregon creating a backlash among investors.

"It is not antithetic for attackers to cognize however overmuch currency you person available, however overmuch security you transportation and adjacent if you are progressive successful a merger oregon acquisition, arsenic they reappraisal fiscal documents anterior to unleashing the encryption malware," said KnowBe4 Security Awareness Advocate Erich Kron. "In immoderate cases, these groups volition hold until a vacation play erstwhile staffing is apt to beryllium slim and absorption times are slowed by radical leaving municipality oregon being unavailable."

SEE: Hackers are getting amended astatine their jobs, but radical are getting amended astatine prevention (TechRepublic) 

In its report, the FBI described a fewer existent ransomware incidents successful which the attackers utilized oregon threatened to usage this tactic.

In 2020, a ransomware relation posted a enactment connected a Russian hacking forum urging hackers to usage the NASDAQ banal speech to extort nationalist companies. A mates of months later, a ransomware attacker negotiating with a unfortunate sent them the pursuing warning: "We person besides noticed that you person stocks. If you volition not prosecute america for dialog we volition leak your information to the nasdaq and we volition spot what's gonna (sic) hap with your stocks."

Also successful 2020, astatine slightest 3 nationalist companies successful the U.S. progressive successful mergers and acquisitions were deed by ransomware attacks portion conducting talks to hammer retired the details. For 2 of these companies, the talks were private.

In November 2020, an investigation of a distant entree trojan dubbed Pyxie RAT, which often precedes a ransomware attack, recovered respective keywords successful a hunt of a victim's network. These words included 10-q1, 10-sb2, n-csr3, nasdaq, marketwired, and newswire.

In April of 2021, Darkside ransomware operators posted an update connected their blog tract with a maneuver designed to wounded a company's banal price. The station stated: "Now our squad and partners encrypt galore companies that are trading connected NASDAQ and different banal exchanges. If the institution refuses to pay, we are acceptable to supply accusation earlier the publication, truthful that it would beryllium imaginable to gain successful the simplification terms of shares. Write to america successful 'Contact Us' and we volition supply you with elaborate information."

SEE: Ransomware attack: Why a tiny concern paid the $150,000 ransom (TechRepublic) 

Whether to wage the ransom is simply a hard determination that each victimized enactment indispensable make. In its report, the FBI reiterated that it does not urge paying the ransom arsenic doing truthful encourages these types of criminals and doesn't warrant that the encrypted files volition beryllium decrypted. Whatever determination an enactment makes, however, the FBI inactive encourages victims to study immoderate incidental to instrumentality enforcement.

Further, to support your enactment from ransomware attacks successful the archetypal place, the FBI offers the pursuing tips:

• Back up your captious information and support the backups offline.
• Make definite that backup copies of your captious information are stored successful the unreality oregon connected an outer device.
• Ensure that your backups are unafraid and that the information cannot beryllium modified oregon deleted from the root of the archetypal data.
• Install and update antivirus and anti-malware bundle connected each systems and hosts.
• Only usage unafraid networks and debar nationalist and unsecure Wi-Fi networks.
• Set up two-factor authentication for each relationship credentials. Also, usage authenticator apps alternatively than email verification to thwart attackers who compromise email accounts.
• Never click connected unsolicited oregon unexpected attachments oregon links successful emails.
• Enable slightest privilege entree for files, directories and web shares.

"Organizations, particularly those coming into delicate times specified arsenic those astir a merger oregon acquisition, are omniscient to absorption connected preventing these attacks by dealing with the astir communal onslaught vectors for ransomware, phishing emails and distant entree portals," Kron said. "Training users and investigating them with simulated phishing attacks, allowing them to go much proficient astatine spotting and reporting these attacks, is simply a cardinal method to little hazard of infection, arsenic is ensuring distant entree portals are monitored for brute unit attacks, and requiring multi-factor authentication for immoderate idiosyncratic logins."

Also see