For the first time, an activist investor has questioned the efficiency of the management of a listed business over a cybersecurity crisis among other things.
In an open letter to the shareholders of an American business process automation company Exela Technologies, private equity firm X LLC’s owner Ramy El-Batrawi has alleged that the company failed to effectively address several issues including a recent ransomware attack.
The cybersecurity breach the company experienced in June 2022 necessitated taking “significant components of the company’s operational and information technology systems offline for an extended period”. This resulted in “the company’s failure to timely file its quarterly report on Form 10-Q for the period ended June 30, 2022,” according to the investor.
“We believe what (is) happening in the Exela Boardroom is highly questionable and deserving of scrutiny. In over 30 years investing in and managing public companies, including as a CEO, I have rarely seen a situation such as the one at Exela, where the Board and senior management has shown such disregard to their shareholders, even as their mismanagement has seriously damaged shareholder value,” El-Batrawi wrote in the letter.
“In my opinion, their actions have been, at least, grossly negligent and may well cause the company to lose its valuable listing on the NASDAQ Stock Market.
Activist investors and cybersecurity
An activist investor, either a fund or an individual shareholder, is a significant minority shareholder in a publicly traded company who bought the stake to change the company’s operations.
The goals of an activist investor may vary, from advising a company management on its operations, to forcing the sale of the company, divestiture, restructuring, or replacing the board of directors. The common issues activist investors raise include executive pay, business deal valuation, and board governance.
Activist investor Gabriel Grego, best known for his short-selling campaigns, was in the news when he purchased a stake in Sun Corporation, is an Israeli cybersecurity business that trades on Japan’s JASDAQ Securities Exchange. However, this is the first time an activist investor has questioned a company’s cybersecurity crisis management.
Hive ransomware attack
Exela Technologies was in the cybersecurity news when Hive ransomware group listed the company in its leak site, which showed that the group encrypted the company data on 20 June and, presumably after failed ransom negotiations, disclosed the details on 13 July.

Hive ransomware was first observed in June 2021. The group has been in cybersecurity news since then, with Tata Power as its latest victim. According to the FBI, the group might be operating as an affiliate-based ransomware, employing a wide variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation.
“Hive ransomware uses multiple mechanisms to compromise business networks, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol (RDP) to move laterally once on the network,” said the FBI alert on the group.
“After compromising a victim network, Hive ransomware actors exfiltrate data and encrypt files on the network. The actors leave a ransom note in each affected directory within a victim’s system, which provides instructions on how to purchase the decryption software. The ransom note also threatens to leak exfiltrated victim data on the Tor site, HiveLeaks.”