The well-known ALPHV/BlackCat ransomware gang is now also taking legal action against its victims by filing complaints with regulators. An American company was recently affected by this novel strategy.
The ALPHV/BlackCat ransomware gang is known for its aggressive extortion methods, but has recently added a whole new dimension to it. Nowadays, the ransomware gang has started threatening legal action from government authorities, such as the U.S. securities regulator SEC, if victims do not pay up quickly.
Complaint to SEC
Recently, ALPHV/BlackCat filed a legal complaint with the SEC accusing its victim, software company MeridianLink, of not complying with the measure for reporting a cyber attack within four days. If the SEC takes serious action on this, the company in question could face a hefty fine for doing so.
The ransomware gang took this remarkable action because the affected software company failed to comply with the payment deadline set by ALPHV/BlackCat. To prove that one had indeed submitted this request to the SEC, the cybercriminals published the contribution to the SEC online.
Tightening reporting rules
The SEC recently tightened the requirements for reporting cyber attacks by (publicly traded) companies due to the recent increase in ransomware attacks.
Incidentally, the tightened regulations do not go into effect until Dec. 15 of this year, but thus did not deter ALPHV/BlackCat from taking the legal step.
MeridianLink has since confirmed the attack. The company’s Web page is currently down, and they are investigating whether sensitive data was captured in the process.