BlackCat ransomware claims to have stolen 80GB of data from Reddit

On February 5, 2023, social news aggregator Reddit suffered a security breach that gave attackers unauthorized access to internal documents, code and parts of its business systems. According to Security Affairs on June 18, the mastermind behind the cyberattack recently surfaced, with the BlackCat (aka ALPHV) ransomware group releasing a message claiming responsibility for the cyberattack.

Reddit said after the incident that the attack was a sophisticated phishing campaign targeting Reddit employees, directing them to a fake company intranet gateway site, where they were tricked into obtaining accounts and passwords, and then gaining access to some internal documents and business systems.

Reddit had noted that some company employee and advertiser information had been compromised, but Reddit user passwords and accounts were not compromised.

But now BlackCat has announced that they stole 80GB of Reddit's data in a zip file, and says that Reddit has not identified all the types of data that were stolen. In addition, they had tried to contact Reddit twice, on April 13 and June 16, but were unsuccessful. In a final email to Reddit, BlackCat made a ransom demand of $4.5 million and demanded that Reddit withdraw its resolution to charge third-party apps for the data or else it would leak it.

Reddit recently announced it would charge high API fees for some third-party apps, meaning some popular third-party apps would no longer be able to operate, a move that sparked strong opposition from users and developers.

BlackCat was first discovered in 2021 and operates on a ransomware-as-a-service (RaaS) approach similar to other ransomware.

BlackCat has been active since November 2021, the list of its victims is long and includes industrial explosives manufacturer SOLAR INDUSTRIES INDIA, the US defense contractor NJVC, gas pipeline Creos Luxembourg S.A., the fashion giant Moncler, the Swissport, NCR, and Western Digital. BlackCat accounts for about 12 percent of all ransomware attacks in 2022, according to cybersecurity analyst Anozr Way.