Ransomware Group Claims Hack of Amazon's Ring

A ransomware gang claims to have breached the massively popular security camera company Ring, owned by Amazon. The ransomware gang is threatening to release Ring’s data. Ring told Motherboard it does not have evidence of a breach of its own systems, but said a third-party vendor has been hit with ransomware.

“There's always an option to let us leak your data,” a message posted on the ransomware group’s website reads next to Ring’s logo. The ransomware group claiming responsibility for the attack is ALPHV, whose malware is known as BlackCat.

Like other ransomware groups, ALPHV goes beyond just locking a victim’s files, and has a website where it names and shames its victims in an attempt to extort them. If those targets don’t pay, ALPHV threatens to publicly release data stolen from them. ALPHV’s site stands out in that the section of its site which publishes hacked data, called “Collections,” is easier to search than some other hacking group’s sites.

Motherboard verified that a listing naming Ring is currently on ALPHV’s data dump site. The cybersecurity collective VX Underground tweeted a screenshot of the listing earlier on Monday.

After publication, one person shared a link to this article in an internal Amazon Slack channel, and wrote “Do not discuss anything about this. The right security teams are engaged.”

It is not clear what specific data ALPHV may have access to. In a statement, Ring told Motherboard "We currently have no indications that Ring has experienced a ransomware event." But the company added that it is aware of third-party vendor that has experienced a ransomware event, and that Ring is working with that company to learn more. Ring said this vendor does not have access to customer records.

ALPHV has previously leaked medical data, and hacked hospitality companies. It recently claimed an attack on an Irish university too.

In 2019, hackers on a Discord channel began hacking a series of Ring cameras all over the country by reusing credentials exposed in earlier hacks. These hackers then terrorized their victims; in Tennessee, for example, a hacker broke into the camera installed in the bedroom of three young girls and spoke through the camera's speaker to the girls and played the song "Tiptoe Through the Tulips" to the girls. At one point, the hackers created a podcast where they broke into Ring users' cameras live on air. 

Those incidents showed how sensitive a cloud-connected surveillance camera could be. Ring has sold millions of devices, which now are commonplace in neighborhoods around the country, where they surveil passersby and delivery drivers. Indoor cameras, meanwhile, are potentially even more sensitive because of the nature of the footage they can collect.

Amazon has partnered with at least two thousand police departments around the country to make it easy for users to share footage with law enforcement. The cameras—and the footage they take, which is often posted online—have become so popular that Amazon launched a television show called "Ring Nation," which is a variety show made up primarily of bloopers shot by Ring cameras.

Though Ring itself was not compromised during those incidents, the hackers did leverage weaknesses in the way Ring's default security settings were set up. Since those hacks, Ring has changed some of its security practices to make it easier and more obvious for users to check their security settings.

Update: This article has been updated with more detail about the internal response at Amazon and a statement from Ring.

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.