Ransomware Attackers Begin To Eye Midmarket Acquisition Targets

With all the M&A activity in the PEO space these days, I found this article from the WSJ highly relevant. Sadly, no one is safe from a cyber attack. One can not put cyber coverage on the back burner.

Hackers see companies with private equity, venture capital ties as lucrative targets

About two months after it was bought in the fourth quarter of 2021 by a private-equity firm, a midsize manufacturer had to pay a ransomware group that had locked up its hardware systems.

It cost the company about $1.2 million to have its systems released, paid to a group suspected of links to the Russian ransomware group REvil, said Richard Peters, a cybersecurity expert at consulting firm UHY LLP. He couldn’t name the company, a client, for confidentiality reasons.

The attack fit an increasingly familiar pattern, as ransomware groups are turning their attention to midmarket acquisition targets, presenting a risk for private equity, venture capital and other deal makers that often invest in such businesses.

“Because of the M&A and because of the publicity around that, it became a better target,” Mr. Peters said. “They’re watching. They know what’s going on in the news as well as any businessman out there.”

While hacks involving large, deep-pocketed targets draw the most public attention, ransomware groups are targeting midsize companies that have, or are about to have, a deep-pocketed owner like a private-equity firm. A newly acquired company typically has access to more ready cash, tends to have less robust cybersecurity, and may offer a backdoor into the acquirer’s systems, Mr. Peters said.

With ransomware attacks surging in recent years, U.S., British and Australian authorities have noticed a shift toward smaller targets over the past year.

After a spate of strikes against so-called “big game” targets such as the 2021 attack on Colonial Pipeline Co., ransomware groups started striking smaller targets, according to a report published in February by the Federal Bureau of Investigation, other U.S. agencies and counterparts in Australia and the U.K.

Midsize companies are a minority of all companies attacked, but their average payout exceeds $1 million, according to a February report by Coveware Inc., a ransomware responder group. Ransomware attackers see them as a stable source of payments without the geopolitical risk that comes with hitting up a major company, Coveware said, citing an interview with a hacker.

Deal targets in particular are “low-hanging fruit,” said Jeremy Swan, a managing principal at advisory firm CohnReznick LLP who works with private-equity managers.

“We’ve started looking at the data, and have definitely seen a correlation between attacks and deal announcements,” Mr. Swan said. “And then attacks concentrated around a portfolio.”

“It’s really been across the board: manufacturing businesses, healthcare businesses, technology businesses, consumer-oriented businesses,” Mr. Swan added.

For private-equity firms that put cybersecurity on the back burner, the effect of a ransomware attack on a portfolio company can be potentially ruinous. If one portfolio company has weak security, attackers might systematically move through a firm’s entire roster, Mr. Swan said.

Ransomware groups have also started targeting the mergers and acquisitions departments of law firms, possibly searching for intelligence, UHY’s Mr. Peters said.

The growing number of attacks linked to private-markets acquisitions are making cybersecurity a far more routine due-diligence consideration, Mr. Peters said. Though cybersecurity considerations tend not to derail deals outright, weak cybersecurity in an acquisition target often leads acquirers to seek remedial measures, he said.

Some investors now are pushing for better cybersecurity practices across their portfolios.

“This housekeeping from a cybersecurity perspective needs to be done—before you’re on the radar, before you announce a large round of capital—because at that point in time, you will become a target,” said Ruth Foxe Blader, a partner at the venture-capital firm Anthemis Group. “We see this emerging risk as something that all companies are going to have to become much more aggressive about.”

Source: WSJ / Author: Richard Vanderford (richard.vanderford@wsj.com)

https://www.wsj.com/articles/ransomware-attackers-begin-to-eye-midmarket-acquisition-targets-11646130601

Join the Conversation on Linkedin   |   About PEO Compass

Contact Professional Employer Organization (PEO) Expert, Sharlie Reynolds

Sharlie Reynolds is the Executive Vice President of Libertate Insurance Services, LLC and RiskMD, which reports into the overall Ballator Insurance Group family of companies.  She has been with the company since its inception in 2014. Prior to joining Libertate, Sharlie served several different service and sales capacities at Risk Transfer Programs, LLC.  Learn more about Sharlie.

Specializing in PEO Services: Workers Compensation, Mergers & Acquisitions, Data Management, Insurance Focus on: Employment Practices Liability (EPLI), Cyber Liability, Health Insurance, Occupational Accident, Business Insurance, Client Company, Casualty and Disability Insurance.

Previous
Previous

NAPEO Brings Industry Risk Managers Together to Discuss Cyber

Next
Next

Benchmarking COVID workers' compensation claims in California