Ransomware Gang Reports Victim to SEC for Concealing Cyberattack2

Claim Your FREE Cybersecurity Risk Assessment for peace of mind before leaving the office.

Ransomware Gang Reports Victim to SEC for Concealing Cyberattack

In a surprising move, a ransomware gang called ALPHV/BlackCat has lodged a complaint with the U.S. Securities and Exchange Commission (SEC) against one of their victims, MeridianLink. The issue at hand is MeridianLink’s failure to promptly report a cyberattack, here’s a simplified breakdown:

On November 7, 2023, ALPHV claimed to have hacked into MeridianLink, a company that provides digital services to banks and other financial institutions. They said they took data but didn’t lock MeridianLink out of their own systems.

Normally, when a company faces a significant cyberattack, they are required to notify everyone within four business days. This rule by the SEC was set to start on December 15, 2023. However, MeridianLink didn’t follow this rule according to ALPHV.

To get MeridianLink’s attention, the ransomware gang did something unusual. They put MeridianLink’s name on a list of companies they’ve hacked and threatened to release the stolen data unless MeridianLink paid a ransom within 24 hours.

When MeridianLink didn’t respond, ALPHV decided to escalate the situation. They officially complained to the SEC, accusing MeridianLink of experiencing a major breach and failing to disclose it, as they should have.

To demonstrate their seriousness, the ransomware gang shared a screenshot of the complaint they submitted to the SEC.

Source: BleepingComputer.com 
Source: BleepingComputer.com 

This case is unique because, in the past, ransomware groups would use different methods, like informing a company’s customers or calling them directly. By filing a complaint with the SEC, ALPHV/BlackCat has introduced a new tactic in the world of cyber extortion. 

The key lesson here is that, as cybersecurity threats become more sophisticated, companies must act swiftly to protect their data and report breaches promptly, as required by regulations. ALPHV/BlackCat’s complaint to the SEC underscores the importance of transparency when dealing with cyberattacks, even in the face of extortion attempts.

When was the last time you verified if your current IT Guy is doing all that they can for your Agency’s security? Schedule a FREE Risk Assessment HERE to ensure that your IT partner is meeting your security, cost-efficiency, proactivity, and network update requirements. Trust is essential, but verification ensures the reliability of your IT services provider for your business’s peace of mind.