Reddit confirms BlackCat gang pinched some data

Crooks demand $4.5m to keep '80GB' of corp info private – and no API price hikes


Reddit this week confirmed ransomware gang BlackCat, aka AlphaV, broke into its corporate systems in February.

The crew just the other day had bragged it stole 80GB from the biz, and had demanded the social media company pay $4.5 million to keep a lid on the data as well as ditch its controversial API pricing changes.

A spokesperson for Reddit declined to comment on BlackCat's specific boasts, and insisted it's not the result of a fresh intrusion. The theft happened a few months ago, and was the result of a "sophisticated phishing campaign" against its staff that Reddit said it encountered on February 5 and disclosed on February 9. 

At the time, the company said that, as a result of that phishing, miscreants were able to grab "limited Reddit code, limited contact information for a small number of company contacts and employees (current and former), as well as limited advertiser information (no high risk data was accessed such as credit card details, company financial information, account passwords, campaign strategy or performance)."

In short, yes, someone grabbed its corporate data, but user information and accounts weren't touched, or so we're told. Production systems weren't affected, the February announcement declared, and "we have no evidence to suggest that any Reddit information has been published or distributed online."

That may change soon, however, as BlackCat said on Saturday: "We expect to leak the data." 

The BlackCat crooks claimed they stole 80GB of data during the intrusion and emailed Reddit about the break-in twice, once on April 13 and a second time on June 16. "There was no attempt to find out what we took," the ransomware operators said.

"We are very confident that Reddit will not pay any money for their data," the BlackCat post continued, adding that they demanded $4.5 million to delete the stolen data and not make it public, and also want the social media giant to reverse its planned API price hike. 

"I am very happy to know that the public will be able to read all about the statistics they track about their users and all the interesting confidential data we took," the gang added. "Did you know they also silently sensor [censor? – ed.] users? Along with artifacts from their GitHub!"

Reddit's other issues

The blackmail attempt comes as Reddit struggles to put out several other fires, including a backlash over its plan to charge for API access: $0.24 per 1,000 calls.

As we've pointed out in earlier stories about the pricing scheme: this adds up to tens of millions of dollars a year for popular third-party apps, such as Apollo, Reddit is Fun, and Sync, which rely on the API to customize and improve the Reddit experience for forum moderators and netizens. It all seems like an attempt to thoroughly squeeze the pips of these applications, or force their developers to shut down over costs and drive more people to the official Reddit app — something the company would probably like to see ahead of its long-predicted IPO this year.

Reddit CEO Steve Huffman has since said that he's following the Elon Musk playbook, and that the API pricing plan will help the company turn a profit. The makers of next-gen AI models have also been extracting a ton of training data from Reddit, and now Reddit is keen to get a slice of those developers' fortunes by making them pay for API access.

Reddit also announced layoffs earlier this month.

Emsisoft Threat Analyst Brett Callow, who posted a screenshot of BlackCat's demands, said that the ransomware gang "likely do not care about the API pricing."

"Their intention is simply to demonstrate to other victims that they can cause ongoing harm to a business long after an attack, so payment is the least painful option," Callow said.

Callow noted another "non-monetary ransom": specifically, the Lapsus$ demand that Nvidia open source its driver code after the extortion gang stole, and later dumped online, the GPU giant's data in February 2022.

Earlier this year, BlackCat operators breached the security of major Australian law firm HWL Ebsworth, and have since leaked sensitive information including data belonging to the law firm's federal agency clients.

In February, the crew broke into an American health-care provider — Lehigh Valley Health Network (LVHN) — and stole images of patients undergoing radiation oncology treatment along with other sensitive health records belonging to more than 75,000 people before posting at least some of that data online.

A cancer patient whose nude medical photos and records were shared has sued LVHN for allowing the "preventable" and "seriously damaging" leak. ®
