Security News > 2023 > December > BlackCat ransomware crims threaten to directly extort victim's customers
The AlphV/BlackCat ransomware group said it plans to "Go direct" to the clients of a firm it allegedly attacked to extort them, claiming to have infiltrated the systems of accounting software vendor Tipalti.
BlackCat claims it has had access to Tipalti's systems since September 8 and alleges that since then it has managed to exfiltrate more than 265GB of "Confidential" data belonging to the company, its employees, and its clients.
The criminals believe their chances of getting an extortion payment from Tipalti directly are slim, based on their apparent understanding that Tipalti's cyber insurance policy doesn't cover extortion and - or so it claims - an evaluation of its internal discussions suggesting they would not engage with cybercriminals.
Instead of applying the varying degrees of extortion tactics on Tipalti, AlphV/BlackCat said it would instead extort the vendor's clients directly, threatening to start with Roblox and streaming platform Twitch.
In addition to Roblox and Twitch, Tipalti's website lists an array of other high-profile customers, including Discord, Canva, GoDaddy, and Twitter/X. The Register has contacted each but most did not respond.
Used car dealer Cazoo - also a Tipalti customer - responded saying it would ask questions internally and consider a response.