Ransomware gang files SEC complaint over victim’s undisclosed breach::The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack.
It’s not about if they pay the hackers, it’s what’s the punishment for being late to disclose vs being exposed you didn’t disclose on time.
I imagine the punishment is worse if you’re outed vs late but voluntary?
In US? I doubt that the punishment is more than a slap on the wrist.