Ransomware Group Reports Its Own Victim for Not Reporting Attack
The Incident
The ransomware group known as Alphv or BlackCat filed a complaint with the U.S. Securities and Exchange Commission (SEC), claiming that a company it attacked and stole data from failed to report the attack. The alleged victim, MeridianLink, is a California-based, publicly traded company that provides digital solutions to customers including banks, mortgage lenders, and credit card companies. The data that the group claims to have stolen on November 7th includes customer and operational information, and the group is threatening to leak more data if the victim does not pay a ransom.
While MeridianLink should have reported the alleged attack if it did in fact occur, Alphv certainly had ulterior motives. The group's complaint to the SEC is not a sudden shift in morality, but rather a move meant to put pressure on MeridianLink to pay up.
The SEC’s Updated Requirements
The timing of this added pressure certainly favors the cybercrime group, as the SEC recently updated its policy on Cybersecurity Risk Management. The new policy requires all companies to include a cybersecurity program plan in their 10-K filing; it also requires that material cybersecurity incidents be reported via Form 8-K faster than previously required: within four days of determining that the incident was in fact significant or material. The updated “final rule” will become effective in mid-December of 2023, but this has clearly not stopped the ransomware group from tattling on its victim to the SEC in an attempt to get more eyes on the attack. Many ransomware groups have threatened to “tell” on a company in similar situations in the past, but this appears to be the first, if not one of the first, instances where the malicious actors followed through on such a threat.
MeridianLink Confirms Attack by Ransomware Gang
Update: MeridianLink confirmed the cyber attack in a statement to BleepingComputer, stating that the threat was identified and isolated, then investigated by a third-party team of experts. It is still unknown whether the attack on its systems included customers’ PII, but the company plans to notify any impacted customers immediately upon discovering that it did.
Protect Yourself Against Ransomware
Ransomware affects businesses of all sizes and across all industries. While risk can never be fully taken out of the equation, there are steps that can be taken to minimize the risk and threat to your company. Be sure to implement strong cybersecurity defenses and incident response plans in order to prevent and handle an attack. Here are some tips to assist with this feat:
Educate Employees – Employees without any knowledge of cybersecurity best practices and expectations are, without a doubt, a company’s weakest cybersecurity link. However, empower these employees with your business’s expectations on cybersecurity best practices, common threats, password hygiene, and more, and they become your strongest asset in defending your business.
Utilize a Firewall – A firewall helps to filter in the good, legitimate traffic to your site while filtering out the bad, malicious traffic that comes from hackers online. Using a firewall adds an extra layer of protection for you, your business, and your customers’ vital information.
Keep Systems and Devices Up-To-Date – One of the main ways malicious actors find their way into a company’s systems is by finding a vulnerability that has not been patched or updated and using that as their entry point into the whole network. Avoid leaving the backdoor or window open for cybercriminals by keeping all of your devices up-to-date. If devices are no longer necessary for your operations, salvage them so as to avoid leaving a pathway open for the attacker.