Back in November 2021, the FBI issued a Private Industry Notification:

  • Ransomware threat actors are now specifically researching publicly available information to identify their next merger and acquisition targets
  • They are leveraging the time sensitive aspect due to the nature of the deal in order to pressure their victims into paying quickly
  • In a push to avoid leaking information to the public which could jeopardize the deal

The period before any acquisition or merger is sensitive for companies. For most larger transactions requiring a filing with the Federal Trade Commission, both the buyer and the seller must file forms and provide data about the industry and their own businesses.

By law, all information in a merger investigation is confidential, with very strict rules against disclosure.

Even smaller deals that do not require an FTC review that bring with it an exchange of sensitive, classified information about both parties that, if disclosed, could disrupt the deal, or result in competitive impact.