Ransomware Group Files SEC Complaints

12296541079?profile=RESIZE_400xA well-known ransomware group has recently filed a complaint with the US Securities and Exchange Commission (SEC) over the failure of a victim to disclose an alleged data breach resulting from an attack conducted by the cybercrime gang itself. 

The ransomware group known as Alphv and BlackCat claims to have breached the systems of MeridianLink, https://www.meridianlink.com  a California-based company that provides digital lending solutions for financial institutions and consumer data verification solutions.[1]

See:  https://redskyalliance.org/xindustry/blackcat-tools-impacket-remcom-1

The cybercriminals claim to have stolen a significant amount of customer data and operational information belonging to MeridianLink, and they are threatening to leak it unless a ransom is paid.  To increase its chances of getting paid, the malicious hackers claim to have filed a complaint with the SEC against MeridianLink, accusing the company of failing to disclose the breach within four business days, as required by rules announced by the agency in July 2023.

The new rules introduce mandatory cyber-incident reporting requirements for all U.S.-listed companies. Domestic issuers must disclose material cybersecurity incidents in Form 8-K filings, and private foreign issuers must submit Form 6-K filings to disclose material cyber incidents.

The new rules state that issuers must disclose cybersecurity incidents determined to be material by the company.  This requirement is similar to the materiality standard for other 8-K disclosures under US securities laws.  Issuers must disclose the material impact of the incident on the company’s financial condition and its operations.  Disclosures must be filed within four business days after a company determines that it has experienced a material cyber-incident.

BlackCat published screenshots on its leak website on 15 November 2023 to show that the SEC filed and received the complaint.  This appears to be the first time a ransomware group has filed an SEC complaint against one of its victims.

The hackers reported that the attack against MeridianLink, which allegedly did not involve file-encrypting ransomware, only data theft, was conducted on 07 November 2023 and was discovered the same day.   A spokesman from MeridianLink stated that the intrusion occurred on 10 November 2023.  “Upon discovery on the same day, we acted immediately to contain the threat and engaged a team of third-party experts to investigate the incident.  Based on our investigation to date, we have identified no evidence of unauthorized access to our production platforms, and the incident has caused minimal business interruption,” the company said, adding that it cannot share further details due to its ongoing investigation.

It is worth mentioning that the new SEC data breach disclosure rules will only go into effect in mid-December 2023.  In addition, companies will be required to notify the SEC within four business days of determining that a cybersecurity incident is material to investors, which, based on MeridianLink’s statement, has yet to happen.

BlackCat has been one of the most active ransomware operations. It is not uncommon for the group to try new methods for convincing targets to pay up, including by setting up dedicated leak websites for individual victims.


This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments, a demo, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings



[1] https://www.securityweek.com/ransomware-group-files-sec-complaint-over-victims-failure-to-disclose-data-breach/


E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!