There has been a recent cyber attack on Amazon’s popular security camera company, Ring, which was attributed to a ransomware group ALPHV that uses the BlackCat malware.
This group has now claimed responsibility for the attack and is now threatening to leak the data from the company.
There are at least two thousand police departments around the country that have partnered with Amazon to make sharing footage with law enforcement as easy as possible for their users.
It is no secret that the cameras and the footage they take, often posted online, have become so popular. In response, Amazon launched a television show called “Ring Nation,” which is a variety show around Ring cameras that includes mostly bloopers recorded by the cameras.
It is important to note that after the news of the data breach broke out, in a statement issued to Motherboard, Ring said it did not have evidence that any of its systems had been compromised but that a third-party vendor had been infected with ransomware.
A Ransomware Gang Claims to Have Hacked Ring
As part of the attack, ALPHV raised the alarm, saying that its malware, BlackCat, had been used to carry out the attack. Affiliate groups of victims who refuse to pay the ransom have access to a searchable database created by the BlackCat malware authors.
ALPHV has a dedicated “leak site,” as do many other groups of this kind, where its members selectively release data they have stolen during an attack. This week, ALPHV posted a message on its page for Ring that states:-
“There’s always the option to let us leak your data…”
But after the post, the threat actors have not posted anything about it.
No Customer Data Has Been Affected
The fact that companies initially deny that a hack has compromised customer data is not uncommon, but in reality, the data has been compromised due to a security breach.
A privacy and security practice of Ring has drawn controversy in the past since third parties are used to collect and share information about its users and its own privacy practices.
Although Ring claims that it prioritizes the security and privacy of its customers, we have seen numerous instances where these claims have failed to live up to the claims and have resulted in harming the customers and community members who use Ring.
As of now, Ring has not confirmed whether or not the hackers were able to access any of its users’ data, so there is not yet any guidance for Ring users on how to deal with the situation.
Almost all Ring doorbells and security cameras are compatible with E2EE (end-to-end) encryption, which is available in most regions. Therefore, neither any government entity, hackers, nor even its parent company, Amazon, will be able to access the footage that has been uploaded.
Network Security Checklist – Download Free E-Book