Hackers using private financial information to extort people


San Francisco, Nov 3 (IANS): The US has warned that ransomware hacking groups are now targeting companies involved in "significant, time-sensitive financial events" and people whose private financial information they have gained access to.

In a latest advisory to private firms, the Federal Bureau of Investigation (FBI) said that ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections.

"Prior to an attack, ransomware actors research publicly available information, such as a victim's stock valuation, as well as material nonpublic information. If victims do not pay a ransom quickly, ransomware actors will threaten to disclose this information publicly, causing potential investor backlash," the FBI said in its report.

During the initial reconnaissance phase, cyber criminals identify non-publicly available information, which they threaten to release or use as leverage during the extortion to entice victims to comply with ransom demands.

If victims do not pay a ransom quickly, ransomware actors will threaten to disclose this information publicly, causing potential investor backlash.

The FBI said it has identified several cases of ransomware groups using information on an ongoing merger or acquisition negotiation to put pressure on the firms to pay up.

In early 2020, a ransomware actor using the moniker "Unknown" made a post on the Russian hacking forum "Exploit" that encouraged using the NASDAQ stock exchange to influence the extortion process.

Following this, unidentified ransomware actors negotiating a payment with a victim during a March 2020 ransomware event stated: "We have also noticed that you have stocks. If you will not engage us for negotiation we will leak your data to the nasdaq and we will see what's gonna (sic) happen with your stocks."

Between March and July 2020, at least three publicly traded US companies actively involved in mergers and acquisitions were victims of ransomware during their respective negotiations.

In April this year, Darkside ransomware actors posted a message on their blog site to show their interest in impacting a victim's share price.

The message stated: "Now our team and partners encrypt many companies that are trading on Nasdaq and other stock exchanges. If the company refuses to pay, we are ready to provide information before the publication, so that it would be possible to earn a reduction in the price of shares. Write to us in 'Contact Us' and we will provide you with detailed information."

The FBI said that paying a ransom emboldens adversaries to target additional organisations, encourages other criminal actors to engage in the distribution of ransomware, and/or may fund illicit activities.

Paying the ransom also does not guarantee that a victim's files will be recovered.

"However, the FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers," it said.

 

  

Top Stories


Leave a Comment

Title: Hackers using private financial information to extort people



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.