Ransomware operation AlphV/BlackCat has filed a U.S. Securities and Exchange complaint against one of its alleged victims, MeridianLink, for allegedly failing to comply with the four-day rule to disclose a cyberattack.
AlphV/BlackCat listed the software company on its data leak with a threat that it would leak allegedly stolen data unless a ransom is paid within 24 hours. MeridianLink provides digital solutions for financial organizations such as banks, credit unions and mortgage lenders.
https://spinsafe.com/wp-content/uploads/2023/11/Data-security-767x633.jpg633768SecureTechhttps://spinsafe.com/wp-content/uploads/2024/01/SS-Logo.svgSecureTech2023-11-27 23:30:062023-11-27 23:30:06In What Could Be a Trend, Ransomware Operation Files SEC Complaint Against Victim for Failing to Timely Disclose Cyberattack
While ransomware is a sad modern reality (and risk) for both businesses and individuals, for the former it’s particularly tempting, wherever possible, to not actually disclose to the public when they have been the victim of a cyber security attack. In fact, with many cyber security insurance policies offering to just pay whatever ransomware fee necessary, in many respects hushing up such incidents can be both convenient and easy.
Following a report via TheRecord, however, the UK is set to introduce a new law which will ultimately require any business subjected to a ransomware attack to publically disclose the incident or potentially face fines of up to £17M.
UK to Crack Down on Ransomware Cover-Ups!
The new law would specifically look to target MSPs (managed service providers) but will essentially try to stop what we suspect are alarmingly high instances of businesses simply paying ransomware fees and then quietly hushing the matter up. And make no bones about it, this happens a lot as only last month information appeared online showing that cyber security insurance premiums were doubling each year due to payments being issued to these criminal organisations to stop the leak of sensitive information.
With this new law, however, all ransomware attacks will have to be publically declared, and more so, failure to do so will result in either the MSP or business being hit with anything up to a £17M fine!
The overall hope, from a general consumer level, is that with ransomware attacks having to be declared, this will (hopefully) prevent businesses from not only attempting to protect their public image by paying the fee and keeping their mouths shut, but also their efforts to hide when their potentially incredibly sensitive data (such as information on its customers) may have been compromised. – And a side bonus, of course, is that with such declarations having to be made, this may stop them from, you know, actually paying the ransomware criminals.
I mean, to me, this is literally the definition of feeding the beast that’s trying to kill you!
What do you think though? – Let us know in the comments!
https://spinsafe.com/wp-content/uploads/2022/12/2-compressed-1-1.jpg493880SecureTechhttps://spinsafe.com/wp-content/uploads/2024/01/SS-Logo.svgSecureTech2022-12-04 06:30:062022-12-04 06:30:06UK to Introduce New Law Mandating Businesses to Disclose All Ransomware Attacks
A ransomware attack against the widely used payment processor ATFS has sparked data breach notifications from numerous cities and agencies within California and Washington.
Automatic Funds Transfer Services (AFTS) is used by many cities and agencies in Washington and other US states as a payment processor and address verification service. As the data is used for billing and verifying customers and residents is wide and varied, this attack could have a massive and widespread impact.
The attack occurred around February 3rd when a cybercrime gang known as ‘Cuba ransomware’ stole unencrypted files and deployed the ransomware.
The cyberattack has since caused significant disruption to AFTS’ business operations, making their website unavailable and impacting payment processing. When visiting their site, people are greeted with a message, stating, “The website for AFTS and all related payment processing website are unavailable due to technical issues,” as shown below.
Automatic Funds Transfer Services (AFTS) website
BleepingComputer discovered that the attack was conducted by a cybercrime operation known as ‘Cuba Ransomware’ after the hackers began selling AFTS’ stolen data on their data leak site.
Like other human-operated ransomware, Cuba will breach a network, spread slowly through servers while stealing network credentials and unencrypted files, and finally end the attack by deploying the ransomware to encrypt devices.
According to the data leak page, the Cuba gang claims to have stolen “financial documents, correspondence with bank employees, account movements, balance sheets, and tax documents.”
Cuba ransomware data leak page for AFTS
If the ransomware gang cannot find a buyer for the data, they will likely release it for free, allowing the data to be used by other threat actors.
Affected cities and agencies
Due to the large amount of potential data allegedly stolen by the Cuba Ransomware operation, cities utilizing AFTS as their payment processor or address verification service have begun disclosing potential data breaches.
The potential data exposed varies depending on the city or agency, but may include names, addresses, phone numbers, license plate numbers, VIN…
