The notorious ALPHV (BlackCat) ransomware gang has gained unauthorised access to the data of the popular gaming platform Roblox. The cybercriminals reportedly breached the systems through an attack on accounting software provider Tipalti, based in the US.
The security breach, occurring in early September, went unnoticed for an extended period, providing the attackers with ample time to extract 265GB of critical company data covertly, including details about both employees and customers.
Tipalti, a fintech specialising in accounts payable, procurement, and global payments automation software, serves diverse customers that include prominent names such as X (formerly Twitter), GoDaddy, National Geographic, SkillShare, and Canva, among others.
ALPHV ransomware took an unusual approach by immediately targeting Tipalti’s clients for extortion, likely in a bid to rush ransom negotiations.
The dark web blog operated by the ransomware gang showcased Tipalti as its latest victim, with explicit threats to publish data of other clients, using high-profile brands like Roblox and Twitch as examples.
The gang stated its commitment to the ongoing exfiltration operation and said it plans to reach out to Tipalti and Roblox with additional data once the market opens. Moreover, security experts are concerned about the individual extortion threat aimed at Roblox, a popular game platform and creation system. ALPHV claims to possess data revealing the tax documents of creators on the platform, adding a layer of complexity to the situation.
ALPHV, also known as BlackCat, was first identified in 2021 and runs as a Ransomware-as-a-Service (RaaS) enterprise, selling malware subscriptions to potential threat actors. Research indicates the group has affiliations with other significant ransomware families such as Conti, LockBit, and REvil.
This recent attack follows the gang's earlier operations, including collaboration with Scattered Spider hackers to target MGM Resorts International and Caesars Entertainment. According to a separate study, ALPHV has victimised over 320 organisations worldwide, cementing its position as one of the most active ransomware threats in the past year.
Tipalti and Roblox, the companies directly impacted by the breach, have yet to release official statements, raising significant uncertainties regarding the scope of the security incident and the potential implications for their user base.
