Ransomware gang files SEC complaint over victim’s undisclosed breach::The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack.

  • @NotMyOldRedditName
    link
    English
    9
    edit-2
    1 year ago

    Let’s say they pay up but don’t announce it on time, but do announce it late.

    I don’t imagine the hackers would out them then or it’d make that extortion harder in the future.

    What kind of penalty are we talking for them failing to disclose on time, but not being outed and doing it voluntarily vs being outed?

    • @macattack
      link
      English
      91 year ago

      What the hackers do is irrelevant. What matters is that they disclose it to the public so that those affected can take necessary actions. Failure to do so deserve a hefty punishment irrespective of whether or not they pay the hacker

      • @NotMyOldRedditName
        link
        English
        21 year ago

        It’s not about if they pay the hackers, it’s what’s the punishment for being late to disclose vs being exposed you didn’t disclose on time.

        I imagine the punishment is worse if you’re outed vs late but voluntary?

        • @YarHarSuperstar
          link
          English
          31 year ago

          In US? I doubt that the punishment is more than a slap on the wrist.