Title | Ransomware Gang Files SEC Complaint over Victim’s Undisclosed Breach | |
Date | Monday November 20 2023, @08:37AM | |
Author | hubie | |
Topic | ||
from the pay-up-or-we'll-report-you dept. |
The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack:
Earlier today, the threat actor listed the software company MeridianLink on their data leak with a threat that they would leak allegedly stolen data unless a ransom is paid in 24 hours.
MeridianLink is a publicly traded company that provides digital solutions for financial organizations such as banks, credit unions, and mortgage lenders.
According to DataBreaches.net, the ALPHV ransomware gang said they breached MeridianLink's network on November 7 and stole company data without encrypting systems.
The ransomware actor said that "it appears MeridianLink reached out, but we are yet to receive a message on their end" to negotiate a payment in exchange for not leaking the supposedly stolen data.
The alleged lack of response from the company likely prompted the hackers to exert more pressure by sending a complaint to the U.S. Securities and Exchange Commission (SEC) about MeridianLink not disclosing a cybersecurity incident that impacted "customer data and operational information."
[...] In their own words, the attacker told the SEC that MeridianLink suffered a "significant breach" and did not disclose it as required in Form 8-K, under Item 1.05.
The SEC's new cybersecurity rules are set to take effect on December 15, 2023.
Originally spotted on Schneier on Security.
Related: Teens With "Digital Bazookas" Are Winning the Ransomware War, Researcher Laments
Links |
printed from SoylentNews, Ransomware Gang Files SEC Complaint over Victim’s Undisclosed Breach on 2024-12-07 08:43:29