Ransomware gang files SEC complaint over victim’s undisclosed breach::The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack.
Discovery has to occur to have that info floating around.
The ransom gang is not going to show up in court of comply with any cour orders. They are just filing this as part of a pressure campaign on their victims. “Pay us quickly and no one will ever know. Don’t, and we will make this very public and get you fined by the government too.”
Frankly, I applaud the move. It might actually make companies comply with the SEC mandates just to eliminate this part of the ransomware threat. I think it undermines ransomware groups negotiating positions, but I’m glad to let them make mistakes.