Ransomware attacks now come with SEC breach complaints
Thursday, November 16, 2023
In what could be called the ultimate hubris, the ALPHV/BlackCat ransomware group this week filed a U.S. Securities and Exchange Commission complaint.
Dr. Ilia Kolochenko, chief architect at application security firm ImmuniWeb, told SiliconANGLE that he wasn’t surprised. “Ransomware actors will likely start filing complaints with other U.S. and EU regulatory agencies when the victims fail to timely disclose their breaches,” he said. He predicts that the regulators will have to vet these complaints to ensure they represent a reportable event, “otherwise, exaggerated or even completely false complaints will flood their systems with noise and paralyze their work.”
The story shows screenshots of the SEC filings by the hackers, including confirmation of their submittal. Whether an actual breach had happened depends on resolving the different stories from the ransomware group and MeridianLink security managers. And even if the breach had happened, it’s not likely that MeridianLink was required to disclose it, since the rule for quick disclosure doesn’t go into effect until next month anyway. Read Full Article
ComputerWeekly: Ransomware gang grasses up uncooperative victim to US regulator
Infosecurity Magazine: Ransomware Group Reports Victim to SEC