When a top mob boss turns his co-criminals over to the authorities, the US Federal Bureau of Investigation labels him a ‘stool pigeon.’ Similarly, the AlphaV ransomware gang is turning informer, not on its rivals but on its victims.
In what is a likely portent of things to come, the gang has had the nerve to inform on MeridianLink (MLNK) to the United States Securities and Exchange Commission (SEC) for being slow to report a ransomware attack that they themselves had initiated earlier in the month. Although the SEC ruling making it mandatory to report “material” cyber-attacks within four business days does not come into force until mid-December, AlphaV saw fit to shop MeridianLink to the SEC.
“It has come to our attention that MeridianLink, in light of a significant breach compromising customer data and operational information, has failed to file the requisite disclosure under Item 1.05 of Form 8-K within the stipulated four business days, as mandated by the new SEC rules,” wrote AlphaV, according to DataBreaches.net.
Ransomware gangs given additional leverage
It would appear that the SEC may have inadvertently handed additional leverage to ransomware gangs intent on exerting maximum pressure on their victims. As with a real-world kidnap demand, ransomware gangs always try to rush their victims into paying up as quickly as possible. Some of the latest techniques include releasing the sensitive information piecemeal until the ransom is paid, in cases where the victim is slow to comply, or does not comply, with the demand that money be paid immediately into an anonymous crypto-currency account.
In this case, AlphaV’s victim, digital-lending platform MeridianLink, was seen to be non-cooperative in submitting to the ransomware gang’s demands – hence the tip-off to the SEC. There has been no reported interaction between the attackers and the firm, and the tip-off can, therefore, be seen as a malicious act by the cyber criminals. But this technique will undoubtedly be adopted more broadly when the SEC rulings come into full force later this year.
“MeridianLink recently identified a cybersecurity incident that took place on Nov 10. Upon discovery on the same day, we acted immediately to contain the threat and engaged a team of third-party experts to investigate the incident. Based on our investigation to date, we have identified no evidence of unauthorized access to our production platforms, and the incident has caused minimal business interruption,” said a spokesperson for MeridianLink.