Cyberattacks are reaching unprecedented levels of sophistication, and in response, KYC companies like Persona and IDMERIT—prime targets for ransomware groups—are bolstering their defenses with advanced AML compliance solutions to safeguard sensitive data and ensure regulatory integrity.
These companies process a goldmine of sensitive data, including identity verification records, compliance logs and sometimes, financial onboarding information. For cybercriminals, this data is high-value currency. However, a shift is occurring. The recent hoax about the IDMERIT data breach brings to light how nefarious actors spread disinformation in the media if companies refuse to pay the ransom.
This pivot highlights a maturing approach to digital extortion. Companies prioritizing long-term compliance are becoming more adept to neutralizing these high-pressure tactics. In this article, we take the fake news related to the IDMERIT breach as a case study and show how it can be done.
From Encryption to Extortion
Ransomware attacks are no longer confined to locking down systems. Attackers now simply email companies with threats that they’ll leverage the media to orchestrate ‘reputational terror.’ By seeding terms like ‘data leak’ or ‘data breach’ online, attributing them to KYC companies like Au10tix, IDMERIT, Persona, Signzy, GBG, Veriff, etc., they aim to create enough panic that stakeholders jump towards a quick settlement before the claims can even be verified.
In many instances, these alleged breaches are exaggerated or entirely fabricated—a tactic frequently employed by Russian-linked threat actors to manufacture urgency. These groups mix legitimate-sounding news with extortion demands to bypass technical defenses and target a company’s public standing.
Dismantling the IDMERIT Narrative
A primary example of this ‘manufactured panic’ occurred following a fake news story from a small lesser known Lithuanian blog Cyber Security News on February 18, 2026, regarding an alleged IDMERIT incident. While media outlets claimed a ‘global catastrophe,’ a closer look at the data revealed glaring loopholes in the story.
Italy’s numbers were fake: The Cyber Security News story claimed 53 million records were exposed in Italy. Given Italy’s total population is approximately 59 million, this would imply that nearly 98% of the entire nation, including infants and the elderly, had their KYC data processed by a single company.
Database Padding: While the headline claimed about 3 billion records, the majority were less-sensitive logs already public through government records.
Also Read: What Security Measures Should be Taken When Using PKI?
Why KYC Firms Refuse to Pay
There are reasons why AML compliance solutions providers are not paying the ransom. Paying the ransom to hush fake news only means that attackers might come back for a second bite of the pie.
Second, the rules are changing. Authorities discourage companies from paying ransom, particularly when sanctioned groups or organized crime are involved. KYC firms work in a regulated environment and they cannot afford to break the rules.
Third, having a plan in place helps. If there is a breach, the firm can conduct an investigation. They can check the system logs, authentication attempts and outbound data transfers to see if there was really a breach.
Multiple security experts are now coming out with statements that the Cyber Security News story was fake and there was no breach at IDMERIT, as IDMERIT is a software company and does not have anything to do with storing data.
Losing Money Because of Failed Extortion Schemes and Fake News, Russian hackers are getting creative with their extortion attempts. They are merging ransomware threats with fake news stories. They announce breaches even if they are not real to hurt the company’s reputation and get them to pay.
Not paying the ransom is not a moral decision; it is also a smart cybersecurity move. AML Compliance solutions providers are getting better at defending themselves. They are using:
- Micro-segmentation and strict access controls
- Multi-factor authentication across systems
- Continuous network monitoring
- Dark web threat intelligence tracking
- Regular penetration testing
- Crisis communication planning
The Future of Ransomware Defense
As cyber threats get worse, attackers will keep using reputational pressure techniques. The fact that many extortion attempts are failing shows that things are changing. KYC firms that are prepared do investigations and communicate well are showing that ransomware attacks can be stopped.
For AML compliance solutions providers, not paying the ransom is not about denying the risk; it is about managing it. As cyber threats increase, being resilient, transparent and proactive is the way to defend against these attacks.