Cybercriminals are becoming increasingly aggressive in their efforts to maximize disruption and compel the payment of ransom demands. A new extortion tactic has emerged, as seen in a recent attempt by the notorious ALPHV ransomware gang, also known as BlackCat.
ALPHV’s Unconventional Extortion Tactic
In early November, ALPHV attempted a first-of-its-kind extortion tactic: weaponizing the U.S. government’s new data breach disclosure rules against one of their own victims. The gang filed a complaint with the U.S. Securities and Exchange Commission (SEC), alleging that digital lending provider MeridianLink failed to disclose what they called ‘a significant breach compromising customer data and operational information,’ for which the gang took credit.
The complaint, which was obtained by TechCrunch, reads: "We want to bring to your attention a concerning issue regarding MeridianLink’s compliance with the recently adopted cybersecurity incident disclosure rules… It has come to our attention that MeridianLink has failed to file the requisite disclosure under Item 1.05 of Form 8-K within the stipulated four business days, as mandated by the new SEC rules."
A New Trend in Ransomware and Extortion Gangs
ALPHV’s latest extortion effort is not an isolated incident, but rather a trend that is expected to gain momentum in the coming months. While novel, this tactic isn’t the only aggressive approach used by ransomware and extortion gangs.
Hackers have shifted from deploying traditional ransomware attacks to ‘double extortion’ tactics, where they encrypt a victim’s data and threaten to publish the stolen files unless a ransom demand is paid. Some have taken it further with ‘triple extortion’ attacks, which involve extending threats and ransom demands to customers, suppliers, and associates of the original victim.
The Distinction Between Ransomware and Extortion
While ambiguous definitions might not seem like the biggest cybersecurity issue facing organizations today, the distinction between ransomware and extortion is crucial. The defenses against these two types of cyberattacks can vary wildly, and understanding the difference helps policymakers know which way ransomware is trending and whether counter-ransomware policies are working.
What’s the Difference Between Ransomware and Extortion?
The Ransomware Task Force describes ransomware as an ‘evolving form of cybercrime, through which criminals remotely compromise computer systems and demand a ransom in exchange for restoring access to the data.’ However, this definition doesn’t account for the different types of attacks.
According to Liska and Callow, a better definition of ransomware should acknowledge the distinction between traditional ransomware attacks and more aggressive extortion tactics. This will enable organizations to better plan for and respond to any type of ransomware attack, whether it occurs within their own network or in a third party’s.
Do Government Sanctions Against Ransomware Groups Work?
While government sanctions against ransomware groups have been imposed, it remains unclear whether they are effective. Carly Page, Senior Reporter at TechCrunch, explores this topic further in her article "Do government sanctions against ransomware groups work?"
Conclusion
The rise of new extortion tactics by ransomware gangs highlights the need for a more nuanced understanding and definition of these types of attacks. By acknowledging the distinction between traditional ransomware and more aggressive extortion tactics, organizations can better prepare themselves for potential threats and respond effectively to any type of attack.