BlackCat/ALPHV Ransomware Files SEC Complaint Against MeridianLink

Written by Andrew Doyle

November 16, 2023

BlackCat/ALPHV Ransomware Files SEC Complaint Against MeridianLink

In a bold move, the ALPHV/BlackCat ransomware group has escalated its tactics, filing a complaint with the U.S. Securities and Exchange Commission (SEC) against MeridianLink, a digital solutions provider for financial institutions. The ransomware actors accuse MeridianLink of failing to disclose a cyberattack within the stipulated four business days, as required by the SEC’s new rules.

The saga began when ALPHV targeted MeridianLink’s network on November 7, stealing company data without encrypting systems. The ransomware group claims that despite the breach, MeridianLink did not initiate communication for ransom negotiation. In response to this alleged silence, ALPHV listed MeridianLink on its data leak site, threatening to expose the stolen data unless a ransom was paid within 24 hours.

To intensify the pressure, ALPHV took an unprecedented step by submitting a complaint to the SEC, asserting that MeridianLink failed to disclose a “significant breach” in accordance with SEC guidelines. Screenshots of the submitted complaint were posted on ALPHV’s website to validate their action.

BlackCat/ALPHV Ransomware Files SEC Complaint Against MeridianLink
Screenshot of the SEC Complaint Filed Against MeridianLink (source: securityweek)

MeridianLink, a publicly traded company, confirmed the cyberattack but denied commenting on the ransomware gang’s assertions or the SEC report. The company stated that it immediately responded to contain the threat and engaged third-party experts for an investigation. As of now, MeridianLink claims no evidence of unauthorized access to production platforms, with minimal business interruption.

Notably, the SEC’s new rules on cybersecurity incident reporting are set to take effect on December 15, 2023. ALPHV’s complaint, therefore, precedes the formal implementation of these rules, creating a unique situation for both the ransomware group and its victim.

Experts, such as Guillermo Christensen from law firm K&L Gates, view this move by ALPHV as a strategic evolution in ransomware tactics to increase pressure on victims. The group’s willingness to involve regulatory bodies signifies a shift in the landscape of cyber extortion.

This incident marks another chapter in ALPHV’s notorious cybercrime activities. The group gained notoriety for a social engineering attack on MGM Resorts in September. As the cybersecurity community grapples with these evolving tactics, it raises critical questions about the preparedness of organizations facing increasingly audacious ransomware threats.

Related Articles

Stay Up to Date With The Latest News & Updates

Join Our Newsletter


Subscribe To Our Newsletter

Sign up to our weekly newsletter summarizing everything thats happened in data security, storage, and backup and disaster recovery

You have Successfully Subscribed!