Cyberattack on MeridianLink

Ransomware has reached a new height. In addition to existing methods of coercion, hostile actors have begun exploiting government rulings to put additional pressure on targeted entities. According to, ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack.

MeridianLink is a major digital solutions provider catering to financial organizations such as banks, credit unions, and mortgage lenders. Recently, it is alleged they were the victims of a major ransomware attack following a breach of their internal systems.

The culprit is the by now notorious ALPHV or BlackCat – one of the many new threats appearing as a result of the growing Ransomware-as-a-Service model. In this case, the gang deploying the malware claims they breached MeridianLink’s network on November 7 and stole company data without encrypting systems, in what is a fairly common pattern – asking for protection money in exchange for not leaking the data.

The alleged lack of response from the company prompted the hackers to exert more pressure by sending a complaint to the U.S. Securities and Exchange Commission (SEC) about MeridianLink not disclosing a cybersecurity incident that impacted “customer data and operational information.”

Pressure to pay a ransom increasing

The gang published on their website a screenshot of the complaint, stating that MeridianLink now only had twenty four hours to negotiate a ransom before their data was leaked. This joins a long list of escalating methods cyberattackers use to exert pressure on their victims. Other methods include calling or otherwise messaging the company to report their intrusion.

Companies under this mounting pressure may fold. After an attack has taken place, it is in the interest of the criminals to keep you off balance and reacting so that you don’t have time to try and resolve the situation. This is where preexisting disaster recovery plans are paramount – they allow organizations to skip the deliberation and sidestep some of the mounting pressure by adhering to preplanned steps and standard procedures.

However, these plans and their supporting systems have to be in place well before the breach takes place; if your organization has not put in sufficient effort to secure your systems, by the time the need is acute it is far too late.

contentACCESS can protect your systems and data

Cybersecurity requires your company to be prepared for eventualities, with a clear plan for both recovery and mitigation. As we have covered previously, part of any disaster recovery plan should be an archive and backup solution. Here, contentACCESS has you covered.

With our unitary system, contentACCESS can provide an archive and backup for a wide spectrum of your company’s critical business information including your SharePointEmail communicationsMicrosoft Teams chat, and a file archive. This added layer of security helps ensure your business continuity in the event of a cyberattack on your company. At the same time, contentACCESS comes with an unprecedented ease of access; browse your archived information through our Web Portal, Outlook integration, or Mobile App – at home, at work, or on the fly. Improve both your productivity and security all in one package.

Are you prepared to face the challenges industry experts predict are coming in the last half of 2023? Do our offers interest you or your company? Our team of experts is waiting to walk you through our offer and show you how best to leverage our unitary archive and backup to match your company needs. Contact us to schedule your free consultation today!

Take the best steps to protect your data – with TECH-ARROW.

Archive all your O365 data with contentACCESS

by Matúš Koronthály