Warning: Your Ransomware Hacker Might Snitch on You to the SEC

BlackCat / ALPHV ransomware hackers have adopted a new strategy in trying to intimidate their alleged data breach victims.

The ALPHV/BlackCat ransomware group has delivered a low-blow to one of its victims, informing the U.S. Securities and Exchange Commission (SEC) that the company affected failed to disclose the data breach within the required four-day window.

The victim is a company called MeridianLink, which is a publicly traded entity that provides a loan origination system and digital lending platform to financial institutions.

It’s thought that the disclosure of the breach by the Blackcat/ALPHV group was due to an lack of compliance by the victim with the ransom terms. The hackers revealed the data breach via the SEC complaints form yesterday and gave MeridianLink an extra 24 hours to cough up, after which time they have threatened to leak the data.

Surfshark logo🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get a huge 86% off Surfshark with this special tech.co offer.See deal button

Meridian Ransomware Attack Timeline

According to DataBreaches.net, the ALPHV ransomware operation claimed responsibility for the breach back on November 7.

At the time, the cybercrime gang threatened to leak the supposedly stolen data unless a ransom was paid in 24 hours. Despite the hack taking place over a week ago, no data appears to have been leaked yet.

The threat actor said that they have not yet heard from MeridianLink regarding a payment in exchange for not releasing the alleged stolen data. The supposed lack of response from MedianLink is likely what led to the Black Cat hackers submitting the a complaint to the SEC disclosing details of the breach that impacted “customer data and operational information.”

Criminals Weaponizing the Law

The SEC disclosure highlights that MeridianLink failed to meet the four-day deadline as required in Form 8-K, under Item 1.05. However, according to Reuters, this law doesn’t come into effect until December 15 2023, so the company may have a get out of jail free card.

A screenshot of the complaint was recently published on the ALPHV website in a bid to show legitimacy, as well as the automated response from the SEC. The caption of the screenshot read: “MeridianLink fails to file with the SEC…so we do it for them + 24 hours to pay”.

It’s thought that this SEC complaint is the first confirmed case of a threat actor using the law as a means to further extort or apply additional pressure to ransomware victims. Generally, ransomware hackers prefer trying to intimidate their victims by threatening to expose the hack to customers, rather than government gatekeepers.

MeridianLink Downplays Data Breach Claims

MeridianLink has addressed the breach to BleepingComputer.com, saying that it is still investigating whether personal data related to its customers was stolen.

MeridianLink said: “Based on our investigation to date, we have identified no evidence of unauthorized access to our production platforms, and the incident has caused minimal business interruption.”

It added that it will notify anyone affected as and when more definitive information becomes available.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Abby Ward is a contributor at Tech.co and freelance search engine marketing (SEM) specialist. Since graduating from Kingston University London in 2015 with Bachelor's degree in Journalism with French, she has worked in many areas of digital marketing including website management, SEO, and paid media. Her specialist topics span her professional and personal interests in search social media, ad-tech, education, food & beverage, hospitality, and business.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals