Ransomware cyber group hacks Amazon’s Ring devices
ALPHV claims to publicly expose the victims' data if they don't pay.

Amazon-owned Ring, an extremely popular surveillance camera firm, has reportedly been hacked by a ransomware group. Ring’s information might be made accessible if the ransomware gang gets its way.

A statement alongside the Ring emblem on the ransomware group’s website states, “There’s always an option to let us leak your data.” ALPHV, a ransomware organization renowned for its BlackCat software, has claimed responsibility for the attack.

Like other ransomware gangs, ALPHV extends further than just encrypting a victim’s data, and it operates a website in which it names and humiliates its victims in an effort to blackmail them.

ALPHV claims to publicly expose the victims’ data if they don’t pay. The site of ALPHV stands out because, compared to the websites of other hacking groups, its “Collections” area, which releases leaked information, is simpler to find.

Motherboard confirmed that Ring is mentioned on ALPHV’s data dumping website. Previously on Monday, the cybersecurity group VX Underground shared an image of the listing.

An internal Amazon Slack channel received a link to this post shortly after it was posted from one individual and wrote, “Do not discuss anything about this. The right security teams are engaged.”

What particular kinds of corporate or consumer information ALPHV might have access to is unknown. An inquiry for a response from Ring did not immediately get an answer.


Image: Chip Somodevilla/Staff

ALPHV has infiltrated hospitality businesses and released medical information in the past. Similarly, it also said that an Irish university had been targeted.

By using credentials from past thefts, hackers on a Discord channel started hacking a handful of Ring cameras nationwide in 2019. These cyber attackers terrorized their victims after gaining access to their systems.

In Tennessee, for example, a hacker got entry to a camera mounted in the bedroom of three young girls and communicated with the girls through the camera’s speaker while also playing the song “Tiptoe Through the Tulips” for them. The attackers once produced a podcast where they live-streamed getting into Ring users’ cameras.

The occurrences revealed the sensitivity of a cloud-connected security camera. Ring has distributed millions of units, and they’re now commonplace in neighbourhoods across the nation where they monitor delivery drivers and passersby.

To make it simple for people to share videos with law enforcement, Amazon has worked with at least 2,000 police agencies across the nation.

In addition to the video they capture, which is regularly shared online, the cameras have gathered so much attention that Amazon created “Ring Nation,” a variety series that consists largely of bloopers recorded by Ring cameras.

Even though Ring was unaffected by some of these occurrences, the attackers took full advantage of problems with the way Ring’s basic security settings were configured. Ring has modified some of its security protocols in the following those breaches to make it simpler and more visible for customers to verify their security controls.