The ALPHV/BlackCat ransomware operation has taken an unprecedented step in cyber extortion by filing a complaint against software company MeridianLink with the U.S. Securities and Exchange Commission (SEC). The complaint was filed due to MeridianLink’s alleged failure to comply with a new SEC rule requiring the disclosure of cyberattacks within four business days. This move by ALPHV/BlackCat marks a new level of pressure exerted on cyberattack victims.

MeridianLink, a publicly traded company specializing in digital solutions for financial institutions, was listed on ALPHV’s data leak site with a warning of an impending data release if a ransom demand wasn’t met within 24 hours. The ALPHV group claims to have breached MeridianLink’s network on November 7, obtaining sensitive data without encrypting the company’s systems. Despite attempts at communication, the group states they have not received a response from MeridianLink, leading to the SEC complaint.

The SEC recently mandated that publicly traded companies must report material cyber incidents within a specified timeframe. However, these rules are set to take effect on December 15, 2023. The ALPHV group has published a screenshot on their website showing the complaint submission to the SEC’s Tips, Complaints, and Referrals page, alleging that MeridianLink experienced a “significant breach” and failed to disclose it as required.

In response, MeridianLink acknowledged the cyberattack, stating that immediate action was taken to contain the threat, with ongoing investigations to determine if consumer personal information was compromised. They emphasized minimal business interruption and no evidence of unauthorized access to their production platforms.

This incident with ALPHV/BlackCat signals a shift in ransomware tactics, where groups are not only threatening victims with data leaks but also leveraging regulatory frameworks to exert additional pressure. It illustrates an evolving landscape in cybercrime, where compliance and regulatory aspects are becoming tools for cybercriminals to intensify their extortion schemes.