A ransomware gang claims it has breached Ring and is threatening to leak data
“There’s always an option to let us leak your data,” the attackers say
A popular ransom operator claims to have compromised Ring, the Amazon-owned company that builds smart doorbells with cameras.
A new report on Vice’s Motherboard states that the group known as ALPHV, popular for its use of the BlackCat encryptor malware, added a new entry to its leak site, next to which is Ring’s logo.
A message posted by the group says “There’s always an option to let us leak your data,” hinting that the negotiations over the ransom demand are ongoing (or could have broken down).
Sensitive customer data?
Amazon is staying relatively silent on the matter. In a short statement issued to Motherboard, the company said it has “no indications” that Ring experienced a ransomware attack.
However, it did say that a third-party vendor did succumb to ransomware and that Ring is currently engaged with it in an effort to learn more about the incident. It also clarified that the vendor doesn’t have access to customer records.
Currently, there are no reports detailing what kind of data ALPHV is supposedly holding and threatening to release. Allegedly, Amazon’s employees were instructed to stay quiet. Motherboard reported that “one person” notified Amazon’s employees of the incident via a Slack message and instructed them “do not discuss anything about this”, adding that the “right security teams” were engaged.
There are still plenty of unanswered questions about this incident. If Ring isn’t the one that was compromised, who is the third party? What kind of data does ALPHV hold? How did the group compromise the target network, and was any malware or social engineering involved? What are the ransom demands, and how much money does ALPHV expect to get in exchange for the data and the decryption key?
Until ALPHV leaks the data, or the targeted company files a report with the SEC, we won’t know for sure.