The ransomware gang has also issued a threat to leak the alleged stolen data unless Reddit complies with their demands.
In February 2023, Reddit faced a data breach, and the incident is still haunting the Medford-based news aggregation and discussion platform.
Reportedly, hackers are now threatening to leak the data they stole from Reddit if the company fails to pay the $4.5 million ransom. However, that’s not all! Hackers also want the company to forego its new Application Programming Interface (API) access pricing.
As seen by Hackread.com, the attackers posted their threat under the title “The Reddit Files” on their data web leak site. Since hackers claim to have stolen 80GB of confidential Reddit data, the company is under extreme pressure now.
Who Attacked Reddit?
One of last year’s most active ransomware gangs, BlackCat, has claimed responsibility for the attack. In its signature style, the group added Reddit’s name to its dark web blog to inform the cybersecurity community about its latest victim.
For your information, BlackCat is a Russia-linked group also known as ALPHV. It first surfaced in 2021 and prefers using the Rust programming language. The group operates a ransomware-as-a-service business, selling malware subscriptions to cyber criminals.
According to Microsoft researchers, BlackCat hackers deploy malware from the most notorious ransomware families, including REvil, Conti, and LockBit.
Meanwhile, the FBI observed that ALPHV is linked to Blackmatter and Darkside ransomware groups, which is why its RaaS network is so extensive and established. It is worth noting that BlackCat was responsible for 12% of all data breaches in 2021.
About the Hack- How Did it Happen?
Regarding the hacking, Reddit released a statement on February 9th, stating that it was targeted by a sophisticated and highly targeted phishing attack.
The company also confirmed that attackers stole sensitive data, including code, other internal documents, and files containing information about its internal business systems.
Reddit CTO Christopher Slowe, also known as KeyerSosa, added that hackers also accessed employee data, but there was no evidence that login credentials or users’ personal data were stolen.
However, as shown in the screenshot above, ALPHV explained in The Reddit Files that they infiltrated Reddit’s network on February 5th and stole 80GB of zipped data, without checking what they had stolen.
“I told them in my first email that I would wait for their IPO to come along. But this seems like the perfect opportunity! We are very confident that Reddit will not pay any money for their data. We expect to leak the data,” the gang noted.
Is BlackCat Exploiting the Situation?
It is suspected that the gang wants to benefit from the uproar against Reddit’s API price change since it will affect third-party Reddit apps like Apollo. Reddit users criticized the price change and even observed a digital strike, which closed thousands of subreddits and Reddit-based forums.