Roblox and Twitch the Latest Targets of Ransomware
5 Dec 2023
The ALPHV ransomware group, also known as Black Cat, recently targeted Tipalti, a Canadian fintech company specialising in accounting software. They announced this on their dark web blog, a platform they use to display their latest victims. Uniquely, ALPHV quickly began extorting Tipalti’s clients, likely to pressure the company into ransom negotiations.
According to the cybercriminals, they infiltrated Tipalti in early September and stealthily exfiltrated over 265 GB of sensitive data, including information on employees and customers. Tipalti’s services include accounts payable, procurement, and global payments automation for businesses with clients like Roblox, Twitch, GoDaddy, National Geographic, Business Insider, SkillShare, Canva, and more.
In a detailed post on their dark web blog, ALPHV specifically mentioned targeting Tipalti, Roblox, and Twitch. Their tactic involves threatening to release data from Tipalti’s other well-known clients, using the names of high-profile companies like Roblox and Twitch to emphasise their point. The attackers stated their commitment to the data theft operation and planned to contact these companies for further extortion.
ALPHV also separately threatened Roblox, a popular gaming platform and creation system, with plans to extort individual parties, such as creators, based on information obtained from the supposed Tipalti breach, which includes creator tax documents.
In a related incident in July 2022, an individual breached a Roblox Corporation employee account, leaking a 4GB archive of internal documents online.
ALPHV/BlackCat ransomware first appeared in 2021 and operates as Ransomware-as-a-Service (RaaS), in which the operators sell malware subscriptions to other criminals. Microsoft’s analysis reveals that the perpetrators previously collaborated with other notorious ransomware groups like Conti, LockBit, and REvil. The FBI has linked the group’s money launderers to the Darkside and Blackmatter ransomware groups, suggesting ALPHV/BlackCat’s extensive network in the RaaS underworld.