Reddit Extortion by BlackCat Ransomware

  • The BlackCat ransomware gang, aka ALPHV, recently posted that it would leak 80 gigabytes of confidential Reddit data unless Reddit rolls back its new API policy.
  • The ransomware gang doesn’t expect Reddit to fork out the cash.

A new player has emerged amid the standoff between Reddit and its moderators over the company’s controversial new API policy. The BlackCat ransomware gang, aka ALPHV, recently posted that it would leak 80 gigabytes of confidential Reddit data it exfiltrated from the company’s systems on February 5, 2023, unless Reddit rolls back the new API policy.

Of course, there’s also a financial angle to the development, with BlackCat admins demanding $4.5 million for the deletion of the data and to buy their “silence.” With the public revelation of the breach, ‘silence’ is out of the window, yet Reddit is still at risk of its sensitive data being exposed.

Four months ago, Reddit confirmed a phishing incident after a threat actor accessed one employee’s credentials, leading them to some internal documents, code, and internal business systems. Reddit added that while limited contact information for hundreds of company contacts, current and former employees, and limited advertiser information was breached, its primary production systems remained unimpacted.

The delayed revelation on the part of the ALPHV group raises the question: why now? A BlackCat member said it is the “perfect opportunity” in a post titled “The Reddit Files.” “I told them in my first email that I would wait for their IPO to come along. But this seems like the perfect opportunity!” the post reads.

Reddit CEO Steve Huffman told The Verge that the company needs to break even before considering the IPO. “You may notice there’s not a lot of companies going public right now. It’s something we’d like to do someday. I don’t know when the market will be more conducive to that, and there are a few things I’d like to do with Reddit before we get there,” Huffman said.

Meanwhile, BlackCat is asking for the original $4.5 million ransom and is demanding that Reddit throw in an add-on: the withdrawal of the new API policy. Reddit recently instituted the policy, effective from July 1, 2023, to charge third-party apps for access to Reddit’s data, which used to be free.

“We are very confident that Reddit will not pay any money for their data. But I am very happy to know that the public will be able to read about all the statistics they track about their users and all the interesting confidential data we took,” it continued. “Did you know they also silently censor users? Along with artifacts from GitHub.”

The Reddit Files post by BlackCat Ransomware Gang

Source: DataBreaches

BlackCat came forward with the threat after more than a week of protests by moderators that saw over 8,000 subreddits ‘going dark’ or making themselves private. During this time, Reddit suffered an outage for more than two hours. Additionally, Similarweb data seen by Engadget indicated a 6.6% drop in the daily visit volume on Reddit.

However, Reddit isn’t conceding an inch, as Huffman’s interview with The Verge suggested. Huffman said the company spends $10 million on cloud infrastructure to keep Reddit buoyant. The new API usage charges cover these costs, while the company explores data licensing as a potential new business.

Third-party apps use Reddit data to access the online forum, and AI companies use it to train their models, but Huffman insisted that the platform wasn’t designed for that. He went on to liken third-party apps for Reddit, such as Apollo and Reddit Is Fun, to competitors whom Reddit won’t subsidize any longer.

“What’s not happening is us continuing to subsidize businesses built on taking our data for free. That’s not changing.” Whether BlackCat leaks the Reddit data it claims it has remains to be seen.

In March 2023, BlackCat is believed to have infiltrated Western Digital and stolen approximately ten terabytes of data. The cyberattack, which didn’t involve encryption of the American computer drive and storage maker’s data and systems, led to an outage of its My Cloud service.
