Ransomware gang claims to have hacked Amazon’s ring
A gang of extortionists known as ALFV announced a successful attack on Amazon-owned Ring is a home security company.. A group of cybercriminals known for their despicable tactics, the gang is now threatening to release the company’s sensitive data if its financial demands are not met. Ring denies the gang’s claims.
On Monday, malware research organization VX-underground tweeted screenshots of ransomware gang statements that were posted on their digital underworld website. Like other bands of its kind, ALPHV has a special “leak site”, where its members are selectively data release stolen during the attacks. The doxed information is used to push the victims to pay a large ransom. On his Ring page, ALPHV recently posted a simple but ominous message: “There’s always the option to let us leak your data…”, but did not release any further information.
Used by hundreds of thousands of people in the US to monitor their homes and businesses. Ring may seem like an obvious target for cybercriminals solely because of the abundance of information the company has. collects on its users. For ransomware groups, the more data, the tastier the target. So far, though, Ring seems to be saying that hackers are plentiful.
“At this time, we have no indication that Ring has been attacked by ransomware,” said Emma Daniels, a spokesperson for the company, when Gizmodo reached out to comments. However, Daniels revealed that Ring “was aware of the third party vendor that the event happened to and we are working with them to find out more. This provider does not have access to customer accounts.” Daniels did not specify which third party was affected.
Brett Callow, a ransomware researcher at software security company Emsisoft, told Gizmodo that information about the recent incident is limited. “The data has not yet been made public. Like other ransomware operations, ALPHV sometimes starts by simply naming victims. If that doesn’t result in a payment, they start divulging the stolen data,” Callow said.
G/O Media may receive a commission
“It is not uncommon for ransomware groups to inflate the amount of data they have obtained, but I don’t recall ALPH making any completely false claims in the past,” Callow said.
Ring claims no customer data was touched.
It is also not uncommon for companies to initially deny that customer data has been compromised when in fact it has. Just look at the recent fiasco involving the beleaguered password manager LastPass, which was hacked last summer initially claimed there was “no evidence” that customer data had been compromised. Company was slow going back it’s been a requirement ever since. However, there are few an indication of what happens to the ring. It’s not really clear What it happens, because there is so little information.
Ring has been controversial in the past due to its own security practices, namely the use of third parties to collect and disseminate information about users. A few years ago, the Electronic Frontier Foundation, which focuses on privacy issues, published company criticism data practices, criticizing the Ring app for using third parties to collect and share excessive information about camera users with advertisers. “Ring claims to prioritize the security and privacy of its customers, but time and time again we see these claims not only fall short of expectations, but are detrimental to customers and community members who interact with Ring’s surveillance system,” EFF. wrote.
As with most ransomware attacks, we’ll have to wait a bit to see how bad the damage really is.