BlackCat claims attack, criticises API price hike

Ransomware gang BlackCat has claimed responsibility for an attack on Reddit earlier this year, and claims to have 80GB of data from the site. The group appears to be using the stolen information as a way to pressure Reddit into reversing controversial changes to the way it charges to use its APIs, a move which has led to widespread protests among users in recent weeks.

BlackCat behind Reddit hack (Photo by C. Nass/Shutterstock)

BlackCat is also demanding a ransom of $4.5m, but says on its blog that “we expect to leak the data”, indicating it does not anticipate this ransom will be paid. Reddit has said it has no evidence that any private data has been accessed.

Reddit cyberattack: BlackCat claims credit

Reddit announced on February 9 that it had been hacked through a “sophisticated” phishing scam that successfully targeted an employee. This led to unauthorised access of “internal documents, code, as well as some internal dashboards and business systems.”

Data exposed included contact information for hundreds of company contacts, and current and former employees, as well as what Reddit describes as “limited” advertiser data. The platform claims it has no evidence to suggest that any of its users' non-public data has been accessed.

But yesterday BlackCat, also known as ALPHV, wrote on its dark web victim blog, where the gang normally posts the name of its victims, that it was behind the breach. Dubbing the upcoming leak the “Reddit Files”, the cybercriminals say they tried to contact Reddit twice in April, demanding a ransom of $4.5m for the 80GB of data to be deleted. 

The blogpost claims that the stolen data will be of interest to customers as it reveals how Reddit is treating its users: “The public will be able to read about all the statistics they track about their users and all the interesting confidential data we took,” reads the post. “Did you know they also silently censor users? Along with artifacts [sic] from their GitHub!”

BlackCat demands Reddit reverses pricing changes

The gang also made another demand alongside the ransom, which is for Reddit to withdraw its API pricing changes. 

Reddit said in April it was planning to up the price it charges for accessing its APIs, causing a backlash amongst customers and a site-wide protest last Monday, which saw many of the busiest subreddits go dark for 24 hours. The cost is going from a few dollars for 50 million API calls to $12,000.

Popular third-party Reddit app Apollo has announced that it is closing down as a result of the price hike, and thousands of subreddits last week went dark to protest the policy. The r/music and r/videos subreddits have closed permanently.

As reported by Tech Monitor, the move mirrors one introduced by Elon Musk at Twitter earlier this year. Experts suspect that data scraping used to feed generative AI models was in part to blame for the shift in API pricing.

“We now demand that they also withdraw their API pricing challenges, along with our money, or we will leak [the data],” the BlackCat post reads.
