While cyberattacks targeting large, high-profile companies typically garner the most attention and media coverage, ransomware groups have begun targeting midsize companies that have, or are soon to have, a new well-heeled private equity owner. Ransomware groups apparently consider newly acquired companies appealing targets because they often have access to cash and sometimes offer a backdoor into the acquirer’s system. How do ransomware groups identify these targets? According to an article published in the Wall Street Journal, by reading press releases from private equity firms announcing their new investments.
The WSJ reports that industry experts have “definitely seen a correlation between attacks and deal announcements,” which can then lead to attacks “concentrated around a portfolio.” The cybercriminals are apparently industry-agnostic, as their attacks have hit businesses in the manufacturing, healthcare, and technology spaces, as well as more consumer-focused businesses.
According to the WSJ, the average ransomware payout for midsize companies exceeds $1 million. Many companies choose to pay the ransom to regain control of their systems and avoid having their sensitive data trafficked on the dark web. Ransomware groups are counting on the fact that private equity investors would prefer to write a $1 million check than contend with the potential negative publicity often associated with a data breach.
Going forward, private equity firms will need to balance the value of publicizing an investment with the risk of making a target out of a new portfolio company.
Nixon Peabody’s Cybersecurity & Privacy Team has considerable experience helping companies respond to ransomware and other types of cyberattacks.