Wordfence cybersecurity researchers: The versions involved are up to, and including, 0.3.11. The issue has been completely fixed in 0.3.12.
FBI cybersecurity experts: ransomware gangs exploit events that could affect a victim’s stock value. They identify non-publicly available information, which they threaten to release or use as leverage during the extortion
Ransomware gangs use significant financial events and stock valuation to facilitate targeting and extortion of victims, FBI cybersecurity experts reported in a Private Industry Notification (PIN). The cybercrime actors identify non-publicly available information, which they threaten to release or use as leverage during the extortion to entice victims to comply with ransom demands. Impending events that could affect a victim’s stock value, such as announcements, mergers, and acquisitions, encourage these actors to target a network or, where access is already established, to adjust their timeline for extortion.

In early 2020, a malware actor using the moniker “Unknown” made a post on the Russian hacking forum “Exploit” that encouraged using the NASDAQ to influence the extortion process. A November 2020 analysis of Pyxie RAT, which often precedes Defray777/RansomEXX infections, identified several keyword searches on a victim’s network indicating an interest in the victim’s current and near-future stock share price.