ericgeater
Community Champion

Ransomware group rats out corporate noncompliance

Yes, ALPHV are still the bad guys here.  Apparently they're willing to poke breach victims who (for whatever reason) don't follow the correct governance practices.

 

AlphV files an SEC complaint against MeridianLink for not disclosing a breach to the SEC (2) (databr...

(edited to ensure that ALPHV still looks like the bad guys)

-----------
A claim is as good as its veracity.
3 Replies
Early_Adopter
Community Champion

Now they have a bit more fear on their side…
dcontesti
Community Champion

So more viciousness and more folks potentially fired?

 

We have half the story......wonder what the ransom was on this one even though no data was encrypted?

 

Pay us or we will report you to the SEC?

 

Actually wonder if Basket Weaving pays well??????

Early_Adopter
Community Champion

If you remember, ransomware started out with threats to reveal a supposed activity.

Fake AV programme that charged a fee to let you have a computer back and working was improved by encryption of data and charging a fee to get it back, and of course the reputation that you’d get the data on payment (complete with friendly and competent tech support), was super good at collecting the ransom.

There have been cases of locking the hotel rooms via the keycard system and others - so ransomware as we call it is really a malicious enterprise business application and toolkit - I’ll decrypt your data, get more residuals in selling secrets and personal data, threaten with disclosure - all I guess considered as reasonable methods by the people living this lifestyle. Of course the calculus requires that someone is pushed into the action - restore the service incident is one option, versus all the horrific fallout that can happen to you and your team if you don’t comply with a threat to reveal x,y,z. As an example many folk in FSI are terrified of regulators, external audit and internal audit and you can see this driving irrational behaviour in meetings and calls on these things before you add an external threat to disclose.

Taking the high ground by pretending to care and reporting the target’s failure to disclose is novel, and well, probably they don’t get money but they can always tell anyone else “Well, the SEC would be interested in these three reputable breaches we found… oh you we do an involuntary filing service to ease your conscience for you… What, you don’t want to avail yourself of it…? Most irregular, but look we have a subscription plan for this… yeah you can send us personal Bitcoin absolutely! We support Monero and Muskcoin as well and if you’re interested you might as well join the rewards programme.”

Basket weaving pays very little, however I believe that you can retail high-quality artisanal wicker storage solutions at Cracker Barrel.