this post was submitted on 16 Nov 2023
199 points (100.0% liked)

Technology

59421 readers
5527 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Ransomware gang files SEC complaint over victim’s undisclosed breach::The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack.

top 11 comments
sorted by: hot top controversial new old
[–] [email protected] 42 points 1 year ago

The symmetry is enough to bring a tear to your eye.

[–] [email protected] 24 points 1 year ago

Hahahaha! Brilliant

[–] [email protected] 9 points 1 year ago* (last edited 1 year ago) (1 children)

Let's say they pay up but don't announce it on time, but do announce it late.

I don't imagine the hackers would out them then or it'd make that extortion harder in the future.

What kind of penalty are we talking for them failing to disclose on time, but not being outed and doing it voluntarily vs being outed?

[–] [email protected] 9 points 1 year ago (1 children)

What the hackers do is irrelevant. What matters is that they disclose it to the public so that those affected can take necessary actions. Failure to do so deserve a hefty punishment irrespective of whether or not they pay the hacker

[–] [email protected] 2 points 1 year ago (1 children)

It's not about if they pay the hackers, it's what's the punishment for being late to disclose vs being exposed you didn't disclose on time.

I imagine the punishment is worse if you're outed vs late but voluntary?

[–] [email protected] 3 points 1 year ago

In US? I doubt that the punishment is more than a slap on the wrist.

[–] [email protected] 9 points 1 year ago

The victim company is MeridianLink according to the article.

[–] [email protected] 2 points 1 year ago
[–] [email protected] 2 points 1 year ago

I dont know who you are. I don't know what you want. If you're looking for ransom, I can tell you I don't have money. But what I do have is a very particular set of skills, skills I have acquired over a very long career...

[–] [email protected] -1 points 1 year ago* (last edited 11 months ago) (1 children)
[–] [email protected] 15 points 1 year ago* (last edited 1 year ago)

Discovery has to occur to have that info floating around.

The ransom gang is not going to show up in court of comply with any cour orders. They are just filing this as part of a pressure campaign on their victims. "Pay us quickly and no one will ever know. Don't, and we will make this very public and get you fined by the government too."

Frankly, I applaud the move. It might actually make companies comply with the SEC mandates just to eliminate this part of the ransomware threat. I think it undermines ransomware groups negotiating positions, but I'm glad to let them make mistakes.