As if things weren’t hard enough when deep in the throes of a merger, there comes a fresh warning from the FBI: ransomware gangs are targeting big merger and acquisition (M&A) transactions.
Warnings about the activities of cyber criminals have been coming thick and fast in recent weeks, not least because the sheer scale of remote working appears to have weakened security arrangements.
Cyber crime experts at the Bureau say ransomware criminals are targeting M&As because they usually run with hard deadlines—a factor that pressures victims to pay up for fear of undermining stock values.
“Ransomware actors are targeting companies involved in significant, time sensitive financial events,” says an FBI statement, “to incentivise ransom payment by these victims.”
The FBI says one gang, using the name “Unknown”, posted a message on a Russian hacking forum suggesting gangs target Nasdaq companies. Three public companies were then targeted between March and July during their M&A negotiations.
‘Immediate danger’
Ransomware attacks see cyber gangs encrypt company information and then demand a ransom for unlocking the data with a key. In the most recent attack it appears gangs may be targeting price-sensitive information relating to forthcoming deals.
In October Lindy Cameron, chief executive of the UK National Cyber Security Centre, issued a warning about the preparations of companies and organisation for ransomware attacks. She said ransomware “presents the most immediate danger to the UK, UK businesses and most other organisations—from FTSE 100 companies, to schools; from critical national infrastructure to local councils.
“Many organisations—but not enough— routinely plan and prepare for this threat, and have confidence their cyber security and contingency planning could withstand a major incident. But many have no incident response plans, or ever test their cyber defences.”
Recent research suggests the overall number of attacks may be falling, but according to Sophos, a software company which compiles an annual ransomware report, that may not be good news and in fact may be due “in part to evolving attack approaches” that are more “targeted”.
“While the overall number of attacks is lower, our experience shows that the potential for damage from these targeted attacks is much higher,” Sophos says in its 2021 report.
Changing patterns in cyber crime
It has long been recognised that chief executives and board members are targets for time gangs. Data security expert Mathieu Gorge writes that it is impossible for “key” people to protect all their knowledge such as trade secrets and HR information without extreme discipline.
“People with intimate knowledge of business processes and policies need to be fully trained as to what they can and cannot do on social media and public forums. Their digital footprint is potentially bigger and riskier than that of other team members.”
Meanwhile, experts this year have been aware of other changing patterns in cyber crime. One shift has been to “hand-on-keyboard” attacks, which put aside automated ransomware tactics in favour exploiting know network weaknesses, usually after “reconnaissance”, according to Microsoft.
According to Kamal Bechkoum, professor of business and technology at the University of Gloucestershire, warns that cybersecurity is now a critical part of M&A deals. “Weak cybersecurity and active cyber attacks can dramatically limit a company’s acquisition process and, in a worst-case scenario, could prove to be a fatal deal-breaker.
He recommends companies prioritise cyber security “before, during and after” stages of any M&A. Actions “before” a deal include backing up critical data in the cloud and on external drive. During a deal the focus shoudl switch to vigilance and after companies should concentrate on “security, vigilance and resilience”
It should come as no surprise that cyber criminals target high-pressure corporate moments like M&A deals. Boards will need to ensure their companies are properly prepared to head off the risk. Sadly, there is rarely good news when it comes to ransomware.