Have you watched that new Luther film on Netflix yet? It’s pretty average. Awful in comparison to the original episodes of the show. There’s one part where they get from Dover to Norway in a matter of moments. It’s ridiculous. As unrealistic as that part, and many others were, the film also featured the hacking of devices in people’s homes. The bad guy would use Amazon Echo devices, these are the actually named devices in the show, to eavesdrop on people to get their secrets and blackmail them. Now, that part seems increasingly prophetic. Today, Amazon is at the center of a claimed ransomware attack targeting their Ring Home Security business.
Ransomware Group Claims Hack of Amazon’s Ring
The possible hack has been reported in Vice and Forbes today. The ransomware group known as ALPHV is claiming to have company data and it threatening to publish it all. This is the same group claiming they hacked and published 6GB of files from Munster Technological University back in February.
Similar to other ransomware collectives, ALPHV doesn’t simply encrypt a victim’s files but also operates a website where it exposes and pressures its targets to pay up. If the victims refuse to comply, ALPHV warns them of a potential public release of their stolen data. What sets ALPHV apart is its “Collections” section on its website, which is more user-friendly than the equivalent sections on other hacker groups’ sites.
Included in Vice’s reporting is a worrying internal post from Amazon’s internal Slack channel saying “do not discuss anything about this. The right security teams are engaged”. While that might indicate there’s no smoke without fire, Amazon’s official line right now is that there are “no indications that Ring has experienced a ransomware event”.
It remains unclear what exactly, if anything, has been compromised. But we’ll keep you posted as soon as we know more.