Security Experts:

Connect with us

Hi, what are you looking for?



Ring Denies Falling Victim to Ransomware Attack

Ring says it has no indications it has fallen victim to a ransomware attack after cybergang threatens to publish supposedly stolen data.

In response to a cybercrime group’s claims, home security firm Ring says it has no evidence that it has fallen victim to a ransomware attack.

Founded in 2013 and acquired by Amazon in 2018, Ring started with a smart doorbell and later expanded its portfolio with an alarm system and other smart home security products.

On Monday, the cybergang behind the Alphv ransomware added an entry to their leaks site claiming they breached Ring and threatening to release data supposedly stolen from the company.

The entry does not provide details on the amount or type of data that might have been compromised.

“There’s always an option to let us leak your data,” the entry reads.

Responding to a SecurityWeek inquiry, Ring denied falling victim to a ransomware attack.

“We currently have no indications that Ring has experienced a ransomware event,” Ring said.

Also tracked as BlackCat and Noberus and written in the Rust programming language, the Alphv ransomware family was first seen in November 2021, but its operators are likely linked to the previously known cybercrime ring behind the Darkside/Blackmatter ransomware.

Operating under the ransomware-as-a-service (RaaS) business model, the group typically harvests and exfiltrates data from the infected systems, and then uses it to pressure victims into paying a ransom.

In July 2022, shortly after creating a dedicated leak site to pressure one of their victims, the group created a searchable database so that employees and customers of victim organizations could search for their potentially compromised data.

In some cases, the group was also seen launching distributed denial-of-service (DDoS) attacks against victims, and harassing their customers, employees, and partners, to further pressure them into paying up. The Alphv ransomware operators have breached over 100 organizations to date.

Related: Ransomware Operator Abuses Anti-Cheat Driver to Disable Antiviruses

Related: Watch Sessions: Ransomware Resilience & Recovery Summit

Related: Ransomware Operators Leak Data Allegedly Stolen From City of Oakland

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.


Dole was forced to shut down systems in North America due to a ransomware attack, which has reportedly led to salad shortages in some...


The City of Oakland has disclosed a ransomware attack that impacted several non-emergency systems.


The personal and health information of more than 3.3 million individuals was stolen in a ransomware attack at Regal Medical Group.


More than 3,800 servers around the world have been compromised in recent ESXiArgs ransomware attacks, which also include an improved process.