BlackCat hacks company, reports victim to SEC
Thursday, November 16, 2023
Ransomware gang BlackCat has filed a complaint with the US financial regulator the Securities and Exchange Commission (SEC) against one of its own victims for failing to report a breach. The move appears to be a ploy to make the company involved, MeridianLink, comply with a ransom demand.
It was inevitable that cybercriminal groups would begin to use data breach notification requirements to exert added pressure on their victims to pay ransoms more promptly, explains Dr Ilia Kolochenko, the CEO of cybersecurity firm ImmuniWeb. “Having said that, not all security incidents are data breaches, and not all data breaches are reportable data breaches,” Kolochenko told Tech Monitor. “Therefore, regulatory agencies and authorities should carefully scrutinize such reports and probably even establish a new rule to ignore reports uncorroborated with trustworthy evidence. Otherwise, exaggerated or even completely false complaints will flood their systems with noise and paralyze their work.”
This is not the first time that a cybercrime gang has claimed to report its victims to regulators for failing to disclose breaches in good time. Read Full Article
20 minutes: Cybersécurité: plus de trois mois pour colmater une faille
SC Media: European reaction to Biden’s Executive Order on AI