ALPHV Files SEC Compliant

The ALPHV/BlackCat filed a complaint with the U.S. Securities and Exchange Commission (SEC) against MeridianLink. Just so you know, ALPHV is a ransomware group, and MeridianLink is their victim. The complaint alleges that the victim failed to comply with the four-day rule for disclosing a cyberattack, raising the stakes in the ongoing battle between hackers and targeted organizations.

The threat actor previously listed MeridianLink, a software company, on their data leak platform. An ultimatum accompanied it – the alleged stolen data would be leaked unless a ransom was paid within 24 hours. MeridianLink, a publicly traded company specializing in digital solutions for financial institutions, banks, credit unions, and mortgage lenders, was thrust into the spotlight of a high-stakes cyber confrontation.

SEC Rules and Cybersecurity Reporting

In response to an increased number of security incidents in U.S. organizations, the SEC recently introduced new rules. It requires publicly traded companies to promptly report cyberattacks with material impacts on investment decisions. The reporting deadline is set at four business days after determining the incident’s materiality. According to reports, the ALPHV ransomware gang claimed to have breached MeridianLink’s network on November 7, emphasizing that they stole company data without encrypting systems.

However, it allegedly received no response from MeridianLink regarding negotiation for the stolen data, so the ransomware group decided to surprise everyone. They filed a complaint with the SEC and published a screenshot of the complaint submission on the SEC’s official platform. The complaint accuses MeridianLink of failing to disclose a cybersecurity incident involving “customer data and operational information”. However, they did not take into account one little thing. These rules are slated to take effect on December 15, 2023, as explained by Reuters in October.

Will Ransomware Groups Report to the SEC in the Future?

Ransomware and extortion groups have previously threatened to report breaches to the SEC. However, the MeridianLink hack marks a public confirmation that such a report has been filed now. The course of actions raises questions about the evolving dynamics between hackers and victims as the ALPHV ransomware group desperately moves to utilize regulatory channels to exert pressure on their targeted organization. The incident also underscores Russian hackers’ ongoing challenges with profiting from victims through heightened regulatory scrutiny.

But the question persists – will this tactic be used more and more often in future? Well, the answer is yes and no at the same time. Thing is, the vast majority of ransomware victims are small companies, too small to go public by the rules set by the SEC. Thus, 70-80% of the ransomware attacks will not have such powerful pressure points. Other ones may still be avoided – there are enough bureaucratic tricks present in the document that backs the new SEC demand.

The post ALPHV/BlackCat Ransomware Reports MeridianLink Hack To SEC appeared first on Gridinsoft Blog.

It is emphasized that this reward can be obtained for any information about the heads of the Darkside, who occupy key positions in the faction. If the informant provides information that will lead to the arrest of DarkSide partners (in any country) who help hackers to carry out attacks, this information can get up to $5,000,000.

The US authorities said they are offering such a large reward due to an attack on the largest pipeline operator in the United States, the fuel transportation company Colonial Pipeline. Let me remind you that we talked about this attack in detail, because it was this incident that forced the authorities to introduce an emergency regime in a number of states and became the very straw that could break the back of a camel: the attention of law enforcement agencies to ransomware increased, and on hacker forums they rushed to ban advertising of ransomware.

After the attack on the Colonial Pipeline company, which drew too much attention from the authorities to the hackers, DarkSide ceased its activities, claiming that it had lost access to some of its accounts and servers. However, experts soon reported that the new BlackMatter ransomware could be considered the “successor” of the DarkSide malware, and the group clearly simply carried out a “rebranding”.

However, we also wrote that after REvil shut down, members of the hack group DarkSide hastily moved $7 million.

The aforementioned BlackMatter also stopped working last week, citing pressure from local authorities and some recent news. Representatives of the group did not explain exactly what news were discussed, but the statement came after a series of major arrests in recent weeks.

The post US authorities offer $10 million for information on DarkSide operators appeared first on Gridinsoft Blog.

Namely, they try to protect employees of the US election commissions, the US electoral infrastructure, voting machines, as well as the headquarters of candidates and their employees.

“The U.S. Department of State’s Rewards for Justice (RFJ) program, which is administered by the Diplomatic Security Service, is offering a reward of up to $10 million for information leading to the identification or location of any person who works with or for a foreign government for the purpose of interfering with U.S. elections through certain illegal cyber activities”, — reports the U.S. Department of State.

Representatives of the US Department of State note that the award is valid for any information about any form of hacking, for example, it also applies to elections held at the federal, state or local level.

“Our external adversaries can use malicious cyber operations aimed at electoral infrastructure (including voter registration databases and voting machines) to disrupt elections in the United States. Such adversaries can conduct malicious cyber operations against political organizations or US campaigns to steal confidential information, and then leak this data in order to discredit political organizations or candidates”, — wrote State Department officials.

Individuals engaging in malicious cyber operations targeting electoral or electoral infrastructure may be subject to prosecution under the Computer Fraud and Abuse Act 18 of the United States, § 1030 of which criminalizes unauthorized computer intrusions and other forms of computer-related fraud. Among other offenses, the law prohibits unauthorized access to computers to obtain information and transfer it to unauthorized recipients.

“We encourage anyone with information on foreign interference in the US elections to contact the Rewards for Justice office via the website or email (info@rewardsforjustice.net) or contact a regional security officer at the nearest embassy or consulate USA”, – said the American authorities.

Additionally, the U.S. The Department of State revealed that the Rewards for Justice Program has existed since 1984 and has paid more than $150 million to over 100 people around the world who have provided actionable information that helped prevent terrorism, hold terrorist leaders accountable and eliminate threats to the US national security.

While you are thinking about how to save the American elections and make 10 million, read about the top 10 software vulnerabilities, most often exploited over the past 5 years, about which talked the US authorities.

The post US authorities offered $10000000 for information on planned cyberattacks for the elections appeared first on Gridinsoft Blog.

Firstly, law enforcement agencies are successfully using forensic tools for mobile devices (for example, the FBI managed to crack the iPhone 11 Pro Max using the GrayKey tool).

Secondly, as demonstrated results of a series of tests conducted by the US National Institute of Standards and Technology (NIST) over the past year, the manufacturers of these tools have been very successful in reverse engineering of smartphones.

“During the study, NIST experts tested the tools manufactured by Cellebrite, Grayshift and MSAB. Recall that in 2019 Cellebrite updated its premium tool for breaking encryption of iOS and Android UFED devices”, – reports NIST.

As NIST studies show, the current version of UFED 4PC allows receiving GPS coordinates, messages, call logs and contacts from iPhone X and from almost all earlier models. Researchers have also been able partially retrieve data from Twitter, LinkedIn, Instagram, Pinterest, and Snapchat. Against newer iPhone models, the tool was mostly useless.

It is noteworthy that UFED 4PC copes with Android devices much worse than with the iPhone. For example, the tool was not able to extract social network data, GPS and browser history from Google Pixel 2 and Samsung Galaxy S9. In addition, UFED was unable to access messages on the Ellipsis 8 and Galaxy Tab S2 tablets. With the Huawei P20 Pro, the tool does not work at all.

“Now we can hack the iPhone. A year ago, we could not hack the iPhone, but we were able to deal with all Android devices. Now we cannot hack many Android devices”, – told Motherboard reporters detective Rex Kieser.

According to Kieser, Cellebrite is currently the market leader in mobile hacking tools (with the exception of the iPhone). The main provider of iPhone hacking tools is Grayshift. Its tool GrayKey costs as much as $15-30 thousand and can crack encryption on any iPhone.

Well, some states release special applications to monitor their citizens, while other governments hire hackers to maintain cyber war with both external and internal enemies. It is your decision which side you take and what should be a priority: control and a promise of security from the state or confidentiality. As you see, there is practically no protection against targeted hacking, but just in case, check your devices with Gridinsoft products, maybe you are already being watched, probably not by the state, but by some amateur hacker.

The post US authorities can hack iPhone, but may have difficulties with Android appeared first on Gridinsoft Blog.