Ransomware Group Claims Hack of Amazon’s RingMarch 14, 2023
A ransomware gang claims to have breached the massively popular security camera company Ring, owned by Amazon. The ransomware gang is threatening to release Ring’s data.
“There's always an option to let us leak your data,” a message posted on the ransomware group’s website reads next to Ring’s logo. The ransomware group claiming responsibility for the attack is ALPHV, whose malware is known as BlackCat.
Like other ransomware groups, ALPHV goes beyond just locking a victim’s files, and has a website where it names and shames its victims in an attempt to extort them. If those targets don’t pay, ALPHV threatens to publicly release data stolen from them. ALPHV’s site stands out in that the section of its site which publishes hacked data, called “Collections,” is easier to search than some other hacking group’s sites.
Motherboard verified that a listing naming Ring is currently on ALPHV’s data dump site. The cybersecurity collective VX Underground tweeted a screenshot of the listing earlier on Monday.
After publication, one person shared a link to this article in an internal Amazon Slack channel, and wrote “Do not discuss anything about this. The right security teams are engaged.”
It is not clear what specific types of data ALPHV may have access to, be that corporate or customer. Ring did not immediately respond to a request for comment.
Do you work at Ring? Do you know anything else about this hack? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email email@example.com.
In 2019, hackers on a Discord channel began hacking a series of Ring cameras all over the country by reusing credentials exposed in earlier hacks. These hackers then terrorized their victims; in Tennessee, for example, a hacker broke into the camera installed in the bedroom of three young girls and spoke through the camera's speaker to the girls and played the song "Tiptoe Through the Tulips" to the girls. At one point, the hackers created a podcast where they broke into Ring users' cameras live on air.
Those incidents showed how sensitive a cloud-connected surveillance camera could be. Ring has sold millions of devices, which now are commonplace in neighborhoods around the country, where they surveil passersby and delivery drivers. Indoor cameras, meanwhile, are potentially even more sensitive because of the nature of the footage they can collect.
Amazon has partnered with at least two thousand police departments around the country to make it easy for users to share footage with law enforcement. The cameras—and the footage they take, which is often posted online—have become so popular that Amazon launched a television show called "Ring Nation," which is a variety show made up primarily of bloopers shot by Ring cameras.
Though Ring itself was not compromised during those incidents, the hackers did leverage weaknesses in the way Ring's default security settings were set up. Since those hacks, Ring has changed some of its security practices to make it easier and more obvious for users to check their security settings.
Update: This article has been updated with more detail about the internal response at Amazon.