If you purchase via links on our site, we may receive affiliate commissions.

Ransom gang ALPHV hints at breach of Amazon’s Ring as firm denies incident

Updated on: 14 March 2023

Gintaras Radauskas
Senior journalist
Contribution by Vilius Petkauskas

ALPHV claims to have breached Amazon-owned security camera company Ring and is threatening to release its data. And though Cybernews has confirmed that the company has been named on the ransomware group’s site, Ring is denying the attack took place.

“There's always an option to let us leak your data,” a message posted on the ransomware group’s website reads next to Ring’s logo, after the company was reportedly entered on a list of supposedly breached firms.

Since cybersecurity collective VX Underground tweeted a screenshot of the listing on Monday, Cybernews has verified that the image is genuine and Ring really is on ALPHV’s data-dump site.

black-cat-screen — Message next to Ring's logo on ALPHV's website. Image by Cybernews.

However, a Ring spokesperson told Cybernews: “We currently have no indications that Ring has experienced a ransomware event.”

It’s not clear what type of data the ransomware group, which operates a strain of malware known as BlackCat, might have access to. Nevertheless, ALPHV just recently leaked Lehigh Valley Health Network’s patient data and photos.

If confirmed, the incident would be “highly worrying,” since Ring has access to a lot of sensitive data, Jordan Schroeder, managing CISO at cybersecurity firm Barrier Networks thinks.

“Given the type of information Ring will have access to, it could range from PII, financial information, to even data relating to the physical locations of people and how they control their home security,” Schroeder said.

As Ring's owner is Amazon, the company is unlikely to give into payment demands, which would would eventually lead to threat actors leaking the data.

In February, the gang also listed the city of Lakewood in the US state of Washington on its site and claimed to be behind the September breach of fast food chain Five Guys.

ALPHV/BlackCat ransomware was first observed in 2021 and noted for using the Rust programming language. According to the cybersecurity analyst ANOZR WAY, the group was responsible for around 12% of all attacks in the first four months of the following year.

Just like other ransom gangs, ALPHV doesn’t simply lock a target’s files – it has a website where it names and shames alleged victims in an attempt to extort them. If they don’t pay up, the cartel then threatens to publicly release stolen data.

Ring itself is no angel, though. In July 2022, the company had to acknowledge it shared data with US law enforcement without user consent 11 times that year. It did so only after a probe led by US Senator Edward Markey.

And in October, a study warned that the use of Ring has given rise to racialized digital surveillance in American neighborhoods. For instance, black delivery workers in white areas were being reported to authorities as “suspicious” by local residents using the devices.

More from Cybernews:

AI will step in as human workers struggle to cope with evolving cyber threats, says expert