The ALPHV ransomware gang is claiming on their data leak site that they have stolen data from Ring, a home security company owned by Amazon. TEARLINE confirmed the presence of a Ring entry on the gang’s data leak site, visible in the image below.
Media outlet Vice reported that after publication, a person shared a link to their article in an internal Amazon Slack channel, and wrote “Do not discuss anything about this. The right security teams are engaged.”
TEARLINE contacted Ring for comment and they stated:
"We currently have no indications that Ring has experienced a ransomware event."
ALPHV (also known as BlackCat) is written in the Rust programming language and has the capability to target Windows and Linux systems, as well as ESXi virtualisation infrastructure such as that targeted recently by ESXiArgs. The ransomware is available via an affiliate programme, meaning the developers of the ransomware may not carry out the attacks, they rent the software for others to use and take a commission when victims pay the ransom.
The Australian Cyber Security Centre provides a detailed report on ALPHV’s operations, including MITRE ATT&CK data on the group.
