Dominic Alvieri, a cybersecurity expert and security researcher, recently tweeted that the cybercriminal group BlackCat, also known as ALPHV, has threatened to release 80GB of compressed data that was stolen from Reddit during a security breach in February 2023.
The group is seeking a $4.5 million ransom as well as the reversal of recent API price changes.
Although reports do not identify the payment method sought, it is almost certain that a group of this kind will ask for cryptocurrency, typically Monero (XMR) or Bitcoin (BTC).
There was no evidence of user accounts being hacked or production systems being infiltrated, but the breach, which Reddit confirmed earlier this year, gave the hackers access to internal documents, code, and business systems.
The BlackCat group applied a common strategy used by ransomware groups to put pressure on their victims: posting their demands on their leak site.
The Reddit Files. @Reddit https://t.co/cIUyCWwMlP pic.twitter.com/gyHA7lplvG
— Dominic Alvieri (@AlvieriD) June 17, 2023
Alvieri tweeted a screenshot of the group’s demands. Despite being a ransomware organization, BlackCat did not encrypt any devices during this attack, but it did exfiltrate a sizable amount of data. The specifics of the stolen data are unknown.
The group claimed in its post that it succeeded in hacking into Reddit’s servers on February 5, 2023, and stole 80GB of data in ZIP format.
It’s still unclear whether this figure corresponds to the data’s compressed or uncompressed size. The gang claims to have approached Reddit on April 13 and June 16 with a demand for $4.5 million to delete the data. It also threatened that, if it had to make the extortion public, it would demand that the API pricing changes be reversed.
It is unlikely that Reddit will comply with these demands. It looks like BlackCat is capturing most of the media attention that Reddit is currently receiving as a result of group blackouts in opposition to the API pricing. Unlike most criminals, ransomware operators frequently seek media attention and exposure.
Even if BlackCat does release the stolen Reddit data, it is unlikely to disclose user information such as account information, passwords, or payment details.
Reddit has consistently insisted that there was no breach of the production systems containing this data. BlackCat instead suggests it will disclose “all the statistics they track about their users” and information regarding how Reddit “silently censors users.”
Although it’s unclear how much users of Reddit will care about tracking and shadowbans, this could lead to additional protests against the platform.
Reddit has not yet verified any of the claims made by the criminal group about its ransom demands or the types of data it claims to possess.