We Stole 80GB Of Your Data | #ransomware | #cybercrime

It turns out the hack Reddit suffered back in February may have resulted in a ransomware gang stealing 80GB of data from the social media platform.

The claim comes from the ALPHV/Blackcat ransomware group, which has been trying to extort Reddit into paying to keep the data private. 

“Reddit was emailed twice by operators, once on April 13 and one again on June 16,” the group claimed. “There was no attempt to find out what we took.”  

The ALPHV gang, which is likely based out of Russia, is now demanding Reddit pay $4.5 million or else it’ll leak the data over the group’s site on the Dark Web. However, the post from ALPHV indicates Reddit has no plans to pay off the ransomware gang. 

In response, ALPHV is seizing on recent news about Reddit, which is facing protests from users upset about the company’s plan to charge for API access, which risks shutting down several third-party apps.

“We are very confident that Reddit will not pay any money for their data. But I am very happy to know that the public will be able to read about all the statistics they track about their users and all the interesting confidential data we took,” the gang claimed in their post. “Did you know they also silently censor users? Along with artifacts from their GitHub!”

In addition to the $4.5 million extortion fee, ALPHV is demanding Reddit cancel its plan to charge for API access or else it’ll release the stolen data. The group also took a shot at Reddit’s CEO Steve Huffman, who goes by the user handle Spez and has faced widespread criticism for his handling of the blackout protest. “Pass on the torch, Spez, you’re no longer cut out for this kind of work,” the group wrote. 

Reddit declined to comment on the ransomware demand. But the social media platform noted the hackers only gained access “to some internal documents, code, and some internal business systems.” No user accounts or passwords were compromised. To breach Reddit, the hackers used phishing messaging that successfully targeted a company employee. 

Source link

National Cyber Security