M&A Deal Exposes Cloud Services Provider to Ransomware
RYUK Ransomware has hit a cloud service provider (CSP) that works closely with MSPs. The limited attack, which was contained and mitigated, hit a data center system that the CSP acquired through M&A, MSSP Alert reports.
The attack is a timely reminder for MSPs and CSPs to boost their cyber due diligence during all merger and acquisition (M&A) dealings.
The highest-profile attack tied to an M&A deal likely involves Marriott and Starwood Hotels. After Marriott acquired Starwood, the Starwood business discovered a breach that cost $28 million to clean up.
Amid that reality, numerous consulting firms now offer cyber assessments specifically designed for M&A due diligence. Examples include Kroll, which offers a Framework for Cybersecurity Due Diligence that is designed for M&A participants.