FBI warns that ransomware scammers are timing hacks to target big business deals

Attackers are threatening to throw a wrench into major business deals.
New York Stock Exchange. (Alan Kotok/Flickr)

Companies planning big financial moves should be on guard for ransomware attacks, the FBI warned in an alert on Monday.

Ransomware hackers are “very likely” timing attacks to coincide with financial events, according to the alert, and will threaten to wreak havoc with investors if the victims don’t pay.

In order to pull off the targeted attacks, scammers first identify information that could threaten a victim’s stock value. For instance, between March 2020 and July 2020 two companies under private merger negotiations were infected with ransomware. The FBI also found that a hacking tool popular with ransomware actors was programmed with keyword searches related to stock prices, indicating that attackers were looking for specific information to leverage.

In April, the ransomware group known as DarkSide, which the FBI blamed for the Colonial Pipeline attack, detailed its efforts to go after victims actively trading on NASDAQ and other stock exchanges. “If the company refuses to pay, we are ready to provide information before the publication, so that it would be possible to earn in the reduction price of shares,” the group wrote on its blog.


The FBI does not encourage the payment of ransom and encourages victims to report attacks to U.S. law enforcement.

Some research indicates that ransomware attacks may not budge stock prices as much as cybercriminals think. Researchers from Comparitech found that while share prices plummet an average of 22% immediately after an attack most stock prices bound back within 10 days.

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

Latest Podcasts