Payments processor Tipalti investigating ransomware attack

Dive Brief:

  • Accounts payable software vendor Tipalti said it’s investigating a ransomware attack that prolific threat group AlphV claimed responsibility for on Saturday. 
  • “Over the past weekend, a ransomware group claimed that they allegedly gained access to confidential information belonging to Tipalti and its customers,” Tipalti said in a Monday post on X, the social media site formerly known as Twitter. Tipalti did not respond to an inquiry for more information.
  • AlphV claims it has maintained persistent access to multiple Tipalti systems since Sept. 8, resulting in the theft of more than 265 gigabytes of data belonging to the accounting and payment vendor and its customers. The threat actor also claims an insider was and is still actively involved in the attacks, according to a screenshot Dark Web Informer posted from AlphV’s leak site.

Dive Insight:

The AlphV or BlackCat ransomware as a service operation and its affiliates, including Scattered Spider, are linked to several of the highest-profile attacks of late. Some of the group’s latest hits include attacks against MGM Resorts, Caesars Entertainment, Clorox, Fidelity National Financial, Five Guys, Estée Lauder and NCR.

Microsoft threat researchers in late October described the threat group behind a spree of identity-based cyberattacks as “one of the most dangerous financial criminal groups” currently in operation.

The Cybersecurity and Infrastructure Security Agency and FBI issued a joint advisory about Scattered Spider and its activities in mid-November, pleading for victims to share more information and report attacks to authorities in a more timely manner.

AlphV claims it contacted Tipalti customers, specifically organizations with the most data stolen, according to a Monday screenshot from its leak site.

The group called out Roblox, one of Tipalti’s customers, as one of its early targets and threatened to leak sensitive data if extortion demands aren’t met.

Roblox isn’t aware of any impact on its systems and hasn’t been contacted by any groups claiming responsibility for the alleged attack against Tipalti, according to a Roblox spokesperson.

California-based Tipalti said it helps more than 3,500 customers make payments, amounting to upwards of $50 billion annually, to more than 4 million suppliers.