www.scmagazine.com

Submitted URL: https://email.semperis.com/MjM5LUNQTi04NTEAAAGQMhX9K4tKYnHsrxJNwPxqcPQgKQuQosWL2wMI8cQDsq7ylRrS1qmWAjMJHiE96Znwitp479w=
Effective URL: https://www.scmagazine.com/perspective/alphv-blackcat-reporting-to-the-sec-could-become-the-new-normal-for-ransomware-opera...
Submission: On December 26 via api from ES — Scanned from ES

Ransomware, Government Regulations



ALPHV/BLACKCAT REPORTING TO THE SEC COULD BECOME THE ‘NEW NORMAL’ FOR RANSOMWARE OPERATORS

Sean Deuby November 20, 2023

Ransomware gang ALPHV/BlackCat reportedly claims it has “unseized” its leak site
from the FBI and will now allow affiliates to target critical infrastructure.
(Stock Photo, Getty Images)

While shocking to many, the reports that ALPHV/BlackCat tattled on one of its
victims – MeridianLink – to the U.S. Securities and Exchange Commission (SEC)
aren’t surprising in the ever-evolving ransomware economy. And the SEC found
itself in the unusual situation of being tipped off about the attack… by the
attackers themselves.

I’ve always said that to predict what cybercriminals will come up with next,
just follow the recipe of maximizing profit while minimizing time and effort,
removing all morality, with a dash of “avoiding undue government scrutiny.” And
this tactic fits right into the mold. It’s not new: the blackmailer threatens to
expose their victim if they refuse to pay.

As the new SEC disclosure ruling comes into effect Dec. 15, requiring that
companies report “material” cybersecurity incidents within four days, expect
this tactic to become the norm in ransomware attacks. The SEC will have an army
of not-so-altruistic helpers.

Some will argue that this aggressive move could leave the group in the
crosshairs of U.S. law enforcement agencies. Drawing unneeded attention to
themselves isn’t wise if they are looking to keep the gravy train of
profitability running. But I’m not convinced this would move ALPHV/BlackCat more
in the federal government’s crosshairs than they already are; we have to assume
the SEC or an associated agency is already monitoring dark web exposure sites to
see what data gets posted by organizations. ALPHV/BlackCat may simply confirm
what the SEC already knows about.

Overall, it doesn’t make sense to pay a ransom unless it’s a life and death
situation. In fact, most companies that pay the ransom fall victim a second and
third time. There are legal consequences as well: in 2021, a family in Mobile,
Ala., sued a hospital claiming they failed to notify them about a ransomware
attack that took medical equipment offline and disrupted services. Tragically, a
baby died and the family claimed in its lawsuit the death was the result of
medical equipment being offline because of the ransomware attack.

When ransomware attacks make headlines, it’s important to remind victims that
there’s light at the end of the tunnel. Make no mistake, ransomware attacks can
cripple some organizations. But in a target-rich environment, defenders can make
it difficult enough for ransomware operators that they search for softer targets
to hit.

Organizations need to know what their critical systems are (including identity
infrastructure such as Active Directory) before attacks occur and build
resiliency into them. Prepare for the inevitable, because 90% of organizations
have experienced at least one ransomware attack in the last two years. By
preparing in advance, defenders can make their organizations so difficult to
compromise that hackers will look for softer targets.

Sean Deuby, principal technologist, Semperis

