Source: Private Equity Is a Big Target for Ransomware Attacks – Bloomberg. Scammers are looking for victims with weak security and deep pockets. Many companies owned by buyout shops fit that bill.
Norm Hullinger was heading into work one day in October when he got a call that his company’s network was acting up. It was no simple glitch. Hackers had started freezing the data of Alphabroder, a sportswear distributor. They wanted more than $3 million to restore it. Grappling with whether to pay, Hullinger, the chief executive officer, embarked on a journey that’s increasingly familiar to law firms, hospitals, and cities that have found themselves on the other end of negotiations with ransomware criminals.
Even as experts raise alarms about the spread and increasing sophistication of such attacks, incursions on companies such as Hullinger’s have remained almost entirely out of the public view. That’s likely because a private equity firm, Littlejohn & Co., owns the business. Since private equity firms rely on their reputations as savvy investors to woo pension funds, wealthy individuals, and other clients, they aren’t keen to publicly admit that they or one of their companies has been hit by a ransomware attack.
“Most of the time with ransomware attacks, private equity firms don’t report it,” says Dan Burke, who heads the national cyber practice at insurance brokerage Woodruff Sawyer. “There’s under-reporting due to reputational damage.”
According to more than a dozen experts in cybersecurity, private equity, and insurance, ransomware attackers see the companies in private equity portfolios as rich targets. After all, the owners have deep pockets. At the same time, they’ve generally bought the companies with the goal of raising profits, and this often results in lean cybersecurity operations. Best of all for the attackers, these people say, targets aren’t hard to find: Private equity firms themselves have detailed disclosure requirements, and when they acquire a company, they often announce it with a press release.
To read more… Private Equity Is a Big Target for Ransomware Attacks.