alphv attacks Ring

Incident Date:

March 14, 2023

World map



alphv attacks Ring






Santa Monica, USA


First Reported

March 14, 2023

Ring Potentially Hit by Ransomware Attack from BlackCat/ALPHV

Home security company Ring may have been the victim of a ransomware or data extortion attack by Russian threat actor BlackCat/ALPHV. The group apparently posted the Ring company logo to its leaks website along with the message, “There’s always an option to let us leak your data,” CSO Online reports.

“It is unclear what data has been stolen or what ransom has been demanded, but the potential implications for customers could be severe. As a provider of home security and smart home systems, Ring may have compromised customers’ recorded footage or personal information, such as credit card numbers, mailing addresses, phone numbers, names, and passwords,” CSO Online continued.


This is the unfortunate reality of our permanently online and connected modern world. As more consumer devices are connected to the internet, we open ourselves up to the possibility that the data they collect will be exposed, held hostage, or used for malicious purposes.

Theft of sensitive data prior to delivery of the actual ransomware payload is a favored tactic for most ransomware operators. It was only a matter of time before consumer privacy became yet another casualty of the ransomware epidemic. If these early reports of BlackCat/ALPHV’s attack on Ring are accurate, we can assume that the group has already exfiltrated a significant amount of sensitive data which they will likely leverage to compel payment when they make their ransom demand. This could include data that was stored in the cloud.

BlackCat/ALPHV is known to post stolen data to leaks websites on the public web as opposed to the dark web like other groups, so any leaked personally identifiable information would be greatly exposed. BlackCat/ALPHV is one of the more active RaaS platforms - they demanded millions of dollars over the course of 2022.

But even if Ring is ready and able to respond to the ransomware attack, they will still have to contend with possibly paying BlackCat/ALPHV to prevent further data exposure, and even then there is no guarantee the attackers will honor their end of the agreement. is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.