Recently, the ransomware group ALPHV, also known as BlackCAT, has taken a new approach by filing a complaint with the Security and Exchange Commission (SEC) against a victim who failed to disclose a cyber attack within the required timeframe. The victim in question is Meridian Link, a trading company specializing in tech solutions for financial institutions and banks. This action by BlackCAT signifies a concerning escalation in tactics employed by cybercriminals, as they now resort to publicly shaming their victims.
In the past, ransomware groups would typically encrypt a victim’s database until a ransom was paid. They then evolved to stealing sensitive data and threatening to release or sell it, putting pressure on the victim. Some even resorted to threatening the victim’s reputation among competitors, partners, or customers. However, the filing of a complaint with the SEC represents a new low in the tactics used by these criminal entities.
The SEC will review the complaint and assess its credibility, collaborating with law enforcement agencies to address the situation appropriately. ALPHV has further emphasized its audacious move by publishing a screenshot of the complaint form on a public Telegram channel. MeridianLink has acknowledged the authenticity of the data breach and expressed its intention to seek assistance from law enforcement. However, the company has not yet disclosed specific details about the breach, such as the timing of the attack, when it was identified, and the extent of data loss.
In conclusion, the use of the