Skip to main content

A notorious ransomware gang is threatening to leak data allegedly involving Amazon-owned video surveillance company Ring.

On Monday, the ransomware group ALPHV listed the video doorbell maker Ring as a victim on its dark website. “There’s always an option to let us leak your data,” the Russia-linked group wrote alongside the listing, seen by TechCrunch.

It’s not known what specific data ALPHV has access to, and the gang hasn’t shared any evidence of data theft.

In a statement given to TechCrunch, Ring spokesperson Emma Daniels said the company currently has “no indications that Ring has experienced a ransomware event,” but would not say if the company has the technical ability, such as logs, to detect if any data was accessed or exfiltrated.

According to a statement shared with Vice, Ring said that it was aware that a third-party vendor had been targeted by a ransomware attack and that it is working with the company, which reportedly does not have access to customer records, to learn more. When reached again by TechCrunch, Daniels declined to confirm the third-party breach or name the vendor involved, but did not dispute it either.

Vice reports that the link to its report was shared in one of Amazon’s internal Slack channels along with a warning: “Do not discuss anything about this. The right security teams are engaged.”

a dark web listing on ALPHV's ransomware site listing Ring

ALPHV’s ransomware site listing Ring. Image Credits: TechCrunch

Like several other ransomware groups, ALPHV doesn’t just encrypt a victim’s data but first steals it, with the goal of extorting the victim by threatening to release the stolen data.

ALPHV, often referred to as BlackCat, first gained prominence in 2021 as one of the first ransomware groups to use the Rust programming language and the first to create a search for specific data stolen from its victims. Other ALPHV victims include Bandai Namco, Swissport, and the Munster Technological University (MTU) in Ireland.

Do you work at Ring? Do you have more information about this ransomware attack? You can contact Carly Page securely on Signal at +441536 853968 and by email. You can also contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Wickr, Telegram and Wire @lorenzofb, or email. Share tips and documents with TechCrunch via SecureDrop.