With video doorbells and security cameras in homes around the world, Ring holds a lot of data and now a ransomware gang is threatening to release it online.
As reported by Motherboard (opens in new tab), the ALPHV ransomware gang is claiming it breached the Amazon-owned company’s systems and gained access to its data. Ring did say in a statement to the news outlet though there is no evidence of a breach of its systems. However, it is aware that one of its third-party vendors has been hit by a ransomware attack.
In a post on Twitter (opens in new tab), ALPHV responded to Ring saying “There’s always an option to let us leak your data”. So far, the ransomware gang hasn’t released any of the data it allegedly stole from the company. There’s still cause for concern though as Motherboard spotted a listing named Ring on ALPHV’s data dump site.
Ransomware groups like ALPHV have turned to using data dump sites as a means of coercing victims into paying to regain access to their data. Companies that refuse to pay a ransom often have a small portion of their stolen data leaked online in an effort to get them to play ball with the hackers holding their data hostage.
Tom’s Guide also reached out to Ring for a statement on the matter to which the company responded "we currently have no indications that Ring has experienced a ransomware event".
ALPHV ransomware gang
The ALPHV ransomware gang has a long history of launching attacks against businesses in the U.S., Europe and Asia. The group is also commonly referred to as BlackCat which is actually the name of the malware it deploys in its attacks.
In the past, ALPHV has leaked medical data from the Lehigh Valley Health Network and has taken responsibility for hacking hospitality companies like the Westmont Hospitality Group which operates IHG and Hilton hotels worldwide.
Another thing that sets ALPHV apart from other ransomware groups is its data dump site where it publishes hacked data in groups called “Collections”. While other ransomware groups have similar sites, ALPHV’s is known for being indexed and easier to search.
For instance, on its ALPHV Collections site, it’s possible to search through nearly complete leaked databases with content indexed by both the filenames themselves and the content available in the files which include documents and images.
Should you be worried about your Ring data?
At the moment, Amazon is currently investigating the data breach of a third-party vendor that ALPHV has taken credit for. Until this investigation is complete, we likely won’t hear more.
As Ring makes some of the best video doorbells and the best home security cameras, its products are extremely popular and used in homes worldwide. In order to prevent others from snooping on your cameras though, the company uses end-to-end encryption (E2EE) in most countries which prevents it as well as governments from getting access to data from your cameras.
If the ALPHV ransomware gang did manage to breach one of Ring’s third-party vendors though, it’s possible the group may have been able to steal corporate or customer data during its attack.
If you’re worried about your Ring data or even the fact that the company is adding a paywall to some features that used to be free, it might be time to consider some alternatives instead. Either way, we’ll likely find out whether or not customer data was obtained by the ALPHV ransomware gang soon.