MeridianLink, a financial software company with over $76 million in last quarter revenue, has confirmed a cyberattack following claims by the AlphV/Black Cat ransomware gang. The gang, known for previous attacks like the MGM Resorts takedown, added MeridianLink to its leak site and asserted reporting the incident to the Securities and Exchange Commission (SEC).
MeridianLink responded promptly, engaging third-party experts to investigate the cyber incident, reassuring minimal business interruption and no unauthorized access to production platforms. The company vows to notify affected parties if any consumer personal information is found to be compromised during the ongoing investigation.
The cyber extortion tactic employed by AlphV takes a unique twist as the gang claims to have reported MeridianLink to the SEC for not disclosing the incident. Despite the erroneous assertion that the company violated the SEC’s new reporting rules, set to take effect next month, the incident sheds light on the increasingly brazen methods ransomware gangs employ to pressure victims into paying ransoms.
The attack draws attention to the evolving landscape of cyber threats, with attackers resorting to tactics such as regulatory threats to coerce victims. MeridianLink’s proactive response, including third-party engagement and ongoing investigations, reflects the broader challenges companies face in navigating and mitigating the impact of sophisticated cyberattacks.
The incident also highlights the broader trend of ransomware gangs resorting to public pressure tactics, threatening regulatory reports to extract ransoms from victims. In this case, the gang’s move to publicly assert SEC reporting and share a photo of the form sent to the SEC showcases the audacity of modern ransomware operations.
As companies grapple with evolving cybersecurity threats, the incident underscores the need for robust security measures, prompt responses to cyber incidents, and the importance of preparing for novel tactics employed by cybercriminals. The ransomware gang’s misuse of regulatory reporting rules serves as a reminder of the multifaceted challenges organizations face in defending against cyber threats in an increasingly complex digital landscape.