The ALPHV ransomware group has claimed responsibility for an attack on Amazon’s security camera company, Ring, and is threatening to leak their data. This came to light because of this Tweet:
ALPHV is known for using the BlackCat malware in their attacks. The ALPHV group operates a ransomware-as-a-service platform. The group also has a searchable database of its victims who deny paying the ransom on the site.
The fact that someone might have pwned Amazon is plausible. Last December Brian Krebs carried a story on two US teens that were busted for taking control of RING camera’s and then Swatting the home owners and recording the police raid. The RING system is just one more IoT device that is attractive, and apparently vulnerable, to malicious hackers.
David Maynor, Senior Director of Threat Intelligence, Cybrary had this comment:
“The exploitation of IOT devices that consumers rely on continues to march towards every dystopian movie plot. Attackers have moved from ransoming devices to ransoming companies. These attacks continue to have an increasing impact on the daily life of users.”
We’ll know soon enough if this threat to leak data is real or not. If it is real, I assure you, any company who plays in this space will be freaking out. And so will their customers.