Well ... this is interesting. It looks like some ransomware gangs are using a new variation of extortion. It reminds me of that classic cartoon of a brick flying through a window with a note saying "window repair services, call xxx.xxxx". In this case, the cartoon would be a brick flying through the window with a note saying "window violation ... all windows must be in working order. Please pay this fine".
A post by BleepingComputer (found HERE) describes how the ransomware gang known as ALPHV/BlackCat noticed that one of its victims had not alerted the proper channels that it had been compromised. Since such disclosure is a legal obligation, the ransomware group filed a complaint with the U.S. Securities and Exchange Commission alleging that the victim had not complied with the four-day rule for disclosing a cyberattack.
Why is this interesting? It shows that even cybercriminals know the rules for disclosing breaches and could pile regulatory fines on top of the other damage they cause their victims. This should be seen as one more reason to disclose when your organization is compromised. Not only is it legally required, but it also removes one avenue of extortion a threat actor could otherwise use to further increase the damage to your organization.
Again, that post from BleepingComputer can be found HERE.