While shocking to many, the reports that ALPHV/BlackCat tattled on one of its victims – MeridianLink – to the U.S. Securities and Exchange Commission (SEC) isn’t surprising in the ever-evolving ransomware economy. And the SEC found themselves in the unusual situation of being tipped off about the attack…by the attackers themselves.
I’ve always said that to predict what cybercriminals will come up with next, just follow the recipe of maximizing profit while minimizing time and effort, removing all morality, with a dash of “avoiding undue government scrutiny.” And this tactic fits right into the mold. It’s not new: the blackmailer threatens to expose their victim if they refuse to pay.
As the new SEC disclosure ruling comes into effect in December 15th, requiring that companies report “material” cybersecurity incidents within four days, expect this tactic to become the norm in ransomware attacks. The SEC will have an army of not-so-altruistic helpers.
Some will argue that this aggressive move could leave the group in the crosshairs of U.S. law enforcement agencies. Drawing unneeded attention to themselves isn’t wise if they are looking to keep the gravy train of profitability running. But I’m not convinced this would move ALPHV/BlackCat more in the federal government’s crosshairs than they already are; we have to assume the SEC or an associated agency is already monitoring dark web exposure sites to see what data gets posted by organiztions. ALPHV/BlackCat may simply confirm what the SEC already knows about.
Overall, it doesn’t makes sense to pay a ransom unless it’s a life and death situation. ..
Support the originator by clicking the read the rest link below.
