The ransomware gang known as ALPHV has claimed a successful attack on Amazon-owned home security company Ring. A cybercriminal group known for its despicable tactics, the gang is now threatening to publish the company’s sensitive data if its financial demands are not met.
On Monday, the malware research organization VX-underground tweeted screenshots of the ransomware gang’s claims, which had been published to its darknet website. Like other groups of its kind, ALPHV has a dedicated “leak site,” where its members selectively release data stolen during attacks. The doxxed info is used to goad victims into paying a hefty ransom. On its page for Ring, ALPHV recently left a simple but menacing message: “There’s always the option to let us leak your data...” but posted no further information.
Used by hundreds of thousands of people across the U.S. to monitor their homes and businesses, Ring would seem an obvious target for cybercriminals purely due to the wealth of information the company collects on its users. For ransomware gangs, the more data, the tastier the target. So far, however, Ring seems to be claiming that the hackers are full of it.
“We currently have no indications that Ring has experienced a ransomware event,” said Emma Daniels, a spokesperson for the company, when reached for comment by Gizmodo. However, Daniels revealed that Ring was “aware of a third-party vendor that has experienced an event and we are working with them to learn more. This vendor does not have access to customer accounts.” Daniels did not identify which third-party had been impacted.
Brett Callow, a ransomware researcher for software security firm Emsisoft, told Gizmodo that there was limited information about the recent incident. “No data has been released yet. Like other ransomware operations, ALPHV sometimes starts by simply naming victims. If that doesn’t result in payment, they then start releasing the stolen data,” said Callow.
“It’s not uncommon for ransomware groups to overstate the extent of the data they obtained, but I don’t recall ALPH having made any completely false claims in the past,” Callow said.
Ring claims no customer data has been affected
It’s also not uncommon for companies to initially deny that customer data has been impacted by a breach when, in fact, it has. Just look at the recent debacle involving the beleaguered password manager LastPass, which was hacked last summer, initially claimed that there was “no evidence”customer data had been compromised, and has been slowly walking back that claim ever since. That said, there’s little indication that’s what’s going on with Ring. In fact, it’s not entirely clear what is happening, since so little information is currently available.
Ring has drawn controversy in the past due to its own privacy and security practices, namely its use of third-parties to collect and share information about users. Several years ago, the privacy-focused Electronic Frontier Foundation published a critique of the company’s data practices, lambasting Ring’s app for its use of third-parties to collect and share excessive information about camera users with advertisers. “Ring claims to prioritize the security and privacy of its customers, yet time and again we’ve seen these claims not only fall short, but harm the customers and community members who engage with Ring’s surveillance system,” EFF wrote.
As with most ransomware attacks, we’ll have to wait a little bit to see just how bad the damage really is.