Ransomware Gang Files an SEC Complaint for Victim Not Disclosing Data Breach

Alphv Ransomware gang filed an SEC complaint against MeridianLink for not disclosing a data breach.

BlackCat, also known as ALPHV, BlackCat operates on the ransomware as a service (RaaS) model, with developers offering the malware for use by affiliates and taking a percentage of ransom payments.

The ransomware relies essentially on stolen credentials obtained through initial access brokers for initial access. The group operates a public data leak site to pressure victims to pay ransom demands.

MeridianLink (MLNK) is a leading provider of comprehensive loan origination solutions and an advanced digital lending platform designed to cater to the ever-changing needs of financial institutions.

The DataBreaches report states that Alphv has incorporated MeridianLink into its malicious website. However, the data breaches suggest that the attack was carried out with the involvement of another party.

According to reports, Alpha claimed that they did not encrypt any files, instead, they stole them and removed them from the system. It was also reported that no immediate security measures were taken in response to the incident.

When DataBreaches inquired whether MeridianLink had gotten in touch with AlphV or replied to them, they were informed that although there had been no communication between the attackers and the company, AlphV had received a message from MeridianLink at some time.

DataBreaches enquired of MeridianLink on the purported event and its management. They quickly reacted and said the following:

Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.