Friday, March 29, 2024

A Ransomware Gang Claims to Have Hacked the Security Camera Company Amazon Ring

There has been a recent cyber attack on Amazon’s popular security camera company, Ring, which was attributed to a ransomware group ALPHV that uses the BlackCat malware

This group has now claimed responsibility for the attack and is now threatening to leak the data from the company.

There are at least two thousand police departments around the country that have partnered with Amazon to make sharing footage with law enforcement as easy as possible for their users.

It is no secret that the cameras and the footage they take, often posted online, have become so popular. In response, Amazon launched a television show called “Ring Nation,” which is a variety show around Ring cameras that includes mostly bloopers recorded by the cameras.

It is important to note that after the news of the data breach broke out, in a statement issued to Motherboard, Ring said it did not have evidence that any of its systems had been compromised but that a third-party vendor had been infected with ransomware.

A Ransomware Gang Claims to Have Hacked Ring

As part of the attack, ALPHV raised the alarm, saying that its malware, BlackCat, had been used to carry out the attack. Affiliate groups of victims who refuse to pay the ransom have access to a searchable database created by the BlackCat malware authors.

ALPHV has a dedicated “leak site,” as do many other groups of this kind, where its members selectively release data they have stolen during an attack. This week, ALPHV posted a message on its page for Ring that states:- 

“There’s always the option to let us leak your data…” 

But after the post, the threat actors have not posted anything about it.

No Customer Data Has Been Affected

The fact that companies initially deny that a hack has compromised customer data is not uncommon, but in reality, the data has been compromised due to a security breach.

A privacy and security practice of Ring has drawn controversy in the past since third parties are used to collect and share information about its users and its own privacy practices.

Although Ring claims that it prioritizes the security and privacy of its customers, we have seen numerous instances where these claims have failed to live up to the claims and have resulted in harming the customers and community members who use Ring.

As of now, Ring has not confirmed whether or not the hackers were able to access any of its users’ data, so there is not yet any guidance for Ring users on how to deal with the situation.

Almost all Ring doorbells and security cameras are compatible with E2EE (end-to-end) encryption, which is available in most regions. Therefore, neither any government entity, hackers, nor even its parent company, Amazon, will be able to access the footage that has been uploaded.

Network Security Checklist – Download Free E-Book

Related Read

Website

Latest articles

Beware Of Weaponized Air Force invitation PDF Targeting Indian Defense And Energy Sectors

EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed "Operation FlightNight" targeting Indian government...

WarzoneRAT Returns Post FBI Seizure: Utilizing LNK & HTA File

The notorious WarzoneRAT malware has made a comeback, despite the FBI's recent efforts to...

Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source...

Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation,...

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles