skip to main content

Ransomware Risks Growing for Middle Market Acquisitions

Ransomware Risks Growing for Middle Market Acquisitions

In 2021, the World Economic Forum's Global Risks Report--which addresses things that can and might go wrong--rated cybersecurity failure as one of the top three highest likelihood risks of the decade. That same year, the risks were made abundantly clear to the United States when the Colonial Pipeline fell victim to a ransomware attack and impacted the national fuel supply.

Since then, ransomware targets have gotten smaller--and more frequent. The latest trend in these attacks centers around middle market acquisitions, where the true targets are the private equity firms in the deal. The appeal? A newly acquired company typically has access to more ready cash, tends to have less robust cybersecurity, and may offer a backdoor into the acquirer’s systems, according to principal Richard Peters of UHY Consulting.

One acquisition by a private equity firm in late 2021 fell victim to an attack and was locked out of its hardware systems. It ultimately cost the company over a million dollars to release it. “Because of the M&A and because of the publicity around that, it became a better target,” Peters said. “They’re watching. They know what’s going on in the news as well as any businessman out there.”

And it is not just acquisitions being targeted, he said. Ransomware groups have also targeted the mergers and acquisitions departments of law firms, possibly searching for intelligence.

As acquisition ransomware attacks continue to surge, cybersecurity is becoming a far more routine due diligence consideration, according to Peters. Weak cybersecurity posture may not be a deal breaker, but it is prompting acquirers to seek remedial measures.

UHY Consulting’s Cybersecurity specialists address cybersecurity as an enterprise business risk. We take a facilitated approach to determine the optimal assessment type, and we tailor each cybersecurity assessment engagement to the individual needs of our clients. Simply put, we translate IT risks into business risks and provide meaningful insight to your stakeholders – from the boardroom to the security engineer.


Wall Street Journal subscribers can read the full article published by Wall Street Journal.

Non-subscribers may request a copy of the article using the form on this page.


Please complete this form to hear from one of our innovative consulting professionals

Hide Firm Disclaimer


UHY LLP is a licensed independent CPA firm that performs attest services in an alternative practice structure with UHY Advisors, Inc., and its subsidiary entities. UHY Advisors, Inc.’s subsidiaries, including UHY Consulting, Inc., provide tax and business consulting services through wholly owned subsidiary entities that operate under the name of “UHY Advisors” and “UHY Consulting”. UHY Advisors, Inc., and its subsidiary entities are not licensed CPA firms. UHY LLP, UHY Advisors, Inc. and UHY Consulting are U.S. members of Urbach Hacker Young International Limited, a UK company, and form part of the international UHY network of legally independent accounting and consulting firms. “UHY” is the brand name for the UHY international network. Any services described herein are provided by UHY LLP, UHY Advisors and/or UHY Consulting (as the case may be) and not by UHY or any other member firm of UHY. Neither UHY nor any member of UHY has any liability for services provided by other members.

On this website, (i) the term "our firm", "we" and terms of similar import, denote the alternative practice structure conducted by UHY LLP and UHY Advisors, Inc. and its subsidiary entities, and (ii) the term "UHYI" denotes the UHY international network, in each case as more fully described in the preceding paragraph.