Ransomware Groups Targeting M&A Activity

By LinkSquares Team

ransomware attackRecently, the FBI issued an alert warning businesses about a new trend related to cybercriminals and how they choose their ransomware targets. According to the report, attackers are “very likely using significant financial events, such as mergers and acquisitions (M&A), to target and leverage victim companies for ransomware infections.” 

The FBI’s announcement comes on the backend of a record-breaking year for M&A activity globally and has led to increased concern among businesses, cybersecurity professionals, and legal teams across industries. This emerging trend is only the latest tactical evolution in what has become a thriving underbelly of ransomware-as-a-service gangs, who have been steadily garnering media attention over the past few years through an influx of targeted activity and high-profile breaches. According to data from SonicWall, there have already been nearly 305 million ransomware attempts in the first six months of 2021—a 151% increase from the previous year—and this number is expected to increase as new bad actors emerge.

Given the rising of ransomware and the latest threat targeting M&A deals, in-house legal teams must cultivate a heightened awareness and update all preventative measures around cybersecurity, emphasizing data protection. Let’s dive into the issue and how legal teams can eliminate vulnerabilities when it matters most. 

Ransomware: A Brief History 

The “new” ransomware-as-a-service phenomenon is a decades-old extortion tactic that has been carefully repackaged for our time. Despite a variety of unique approaches, the general principle of a ransomware attack has typically been the same: Utilize malicious software to infect the target’s operating system, and hold that system hostage until the target meets demands for payment. The method predates our modern use and understanding of the internet. Some trace the earliest ransomware offense back to a PC virus known as the AIDS Trojan, which was notoriously delivered to its targets via floppy disk in 1989. 

Fast-forward about twenty years to the emergence of cryptocurrencies like Bitcoin in 2010, which provided more viable means for cybercriminals to collect payments associated with ransomware attacks. In the absence of reliable encryption technology to protect the anonymity of attackers, ransomware was largely avoided by hackers for its relatively high-risk profile. By 2013, however, fully seizing the opportunity of anonymous payments provided by cryptocurrency, hackers had developed CryptoLocker, an advanced encryption-based ransomware strain that would ultimately become the blueprint for the increasingly sophisticated, widespread, and high-profile breaches we are witnessing today.

Since the emergence of CryptoLocker, the previously isolated (and rarely newsworthy) world of cybercrime has exploded into a sprawling industry of international crime that poses a significant threat to businesses, governments, and consumers around the globe. 

From Systems to Data

The introduction of cryptocurrency was crucial in boosting ransomware into the limelight among hackers. However, it is the phenomenon of digitalization in recent years that has allowed these attacks to become more dynamic. Because almost all institutions today are in control of high volumes of sensitive information, whether personal or professional, cybercriminals are no longer merely targeting the integrity of systems but also the data within. 

Recently, ransomware group REvil deployed ransomware to demand a $50 million ransom from the computer manufacturer, Acer, threatening to release sensitive data, including financial balances and spreadsheets. The staggering price tag of the ransom is one of the largest to date, but the Acer breach is only one example of what has become a new standard approach in the broader arsenal of cybercrime organizations. Plus, it speaks to the growing status of data as a valuable and vulnerable asset across industries. 

Understanding the value of data is critical for understanding the FBI’s announcement surrounding ransomware and M&A activity. Essentially, two main factors that make an M&A deal a prime target for a ransomware attack: 1) the apparent availability of capital, and 2) the importance of confidential data to the integrity of the deal. 

Cybercriminals are increasingly audacious when it comes to their ransom demands, so it comes as no surprise that many are interested in capitalizing on this year’s M&A boom, with global deal-making on course to reach a record-setting $6 trillion. Hackers are further incentivized by the fact that the M&A process involves the exchange of highly confidential information. The consequences for having such information leaked or destroyed can be devastating to the involved parties. 

At the very least, the leaking of compromised data could adversely affect the final closing price of the deal. In the worst of cases, it could dismantle the agreement altogether, expose valuable trade secrets, or even result in costly litigation related to the violation of emerging privacy laws. 

We have already seen the significant impact of a data breach on M&A activity. In 2017, Yahoo was forced to drop its price tag in a sale to Verizon by $350 million after disclosing the details of two cyber attacks. Importantly, the data breaches at Yahoo were not necessarily linked directly to the acquisition. It’s safe to assume on the basis of increased ransomware activity since 2017, in addition to the FBI’s notification, that cybercriminals intend to smarten up in their targeting of M&A activity in the future. 

EBOOK: The Executive Guide to Preventing and Surviving Data Breaches

What In-House Legal Teams Can Do 

Because legal teams are on the frontlines of any merger or acquisition, they must safeguard all contracts and sensitive data from the start. Beyond using software to protect their data, legal teams should view ransomware threats as an opportunity to review their legal operations, focusing on processes related to due diligence. How legal teams host, organize, and access their data is just as important as how the information is encrypted. Despite the rapid advancement of technology, many legal teams remain behind the curve when it comes to managing data in the digital age. 

Those that hang back from the digitalization of the industry risk becoming vulnerable due to organizational inefficiency. Any team will have a hard time protecting information if it is scattered throughout the organization across multiple departments and employees. In addition to being a serious liability as it relates to a potential cyberattack, this way of working is not a reasonable use of time and resources. 

It’s time for legal teams to explore modern solutions for managing contracts. By utilizing contract management software in-house teams benefit from having a single contract repository containing all relevant data. This goes a long way where security is concerned; not only is the data that needs protection effortlessly identified, but the platform itself already has built-in security features, such as end-to-end encryption of individual data and extensive network infrastructure safeguards. 

If you’re looking to address current or future cyber threats related to M&A activity, request a demo and find out how LinkSquares can help while making your team’s overall contract management process more efficient. 

Additionally, review this list of immediate recommendations by the FBI for securing data, and make all necessary adjustments wherever possible. Download the checklist here