However, one new avenue of this direct attack on brand reputation  is for the gangs to connect with the
            authorities.  In November 2023, the ALPHV/BlackCat ransomware gang filed a complaint with the United
            States Securities and Exchange Commission (SEC) regarding their victim, MeridianLink.

            In mid-2023, the SEC adopted new requirements for notifying data leaks effective from September 2023.
            One of these rules requires notification within four business days of any data leak from the moment it is
            confirmed. Not only did ALPHV/BlackCat take control of the trajectory of the extortion, but they also even
            circulated the complaint form among specialist forums as part of a promotional campaign.



            Targeting the most vulnerable

            Ransomware  gangs  are  not  above  using  sophisticated,  customized  extortion  strategies  on  the  most
            vulnerable  sectors.  Healthcare  has  long been  a key  target  – there is  a step change  in  urgency  when
            critical medical procedures may be delayed if ransom is not paid.

            Just a few months after the international Cronos Operation, the Lockbit group claimed a new victim in the
            healthcare  sector.  The  Simone-Veil  hospital  in  Cannes  suffered  a  data  compromise,  adding  to  the
            extensive list of attacks conducted in recent months by other ransomware players against the university
            hospitals of Rennes, Brest and Lille.

            Once the data had been extracted from the hospital on April 17, 2024, an announcement concerning their
            compromise  was made on Lockbit’s showcase  site on April 29, 2024. According  to the cybercriminals’
            terms, the hospital had until midnight on May 1, 2024, to pay the ransom.

            The  lesson  here  is  that  attackers  exploit  the  vulnerabilities  and  pain  points  specific  to each  industry,
            making their extortion tactics more potent. And they do so with no consideration for the victims.

            Ransomware  attacks  are  now  more  than  just  data  encryption  schemes.  They  are  sophisticated
            operations  that  exploit  a  range  of  vulnerabilities  to  extract  maximum  leverage  from  victims.  By
            understanding the multifaceted nature of ransomware extortion, businesses and individuals can develop
            a more robust defence against this growing threat.





            About the Author

            Jacques de la Riviere is the Founder and CEO of Gatewatcher, a cybersecurity
            provider based in France.  Jacques has held positions throughout OpenCyber,
            Adneom and BK Consulting.   He is also currently vice-president  of Hexatrust -
            a cluster of 100 European software cybersecurity leaders and cloud providers.










            Cyber Defense eMagazine – August 2024 Edition                                                                                                                                                                                                          249
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.