Heimdal
article featured image

Contents:

The BlackCat ransomware gang, also known as ALPHV, claims to have stolen 80GB of data from Reddit in a February cyberattack.

Back in February, the social news aggregation platform Reddit experienced a security breach in which threat actors gained unauthorized access to internal documents, code, and some business systems.

The attack targeted the company’s employees via a sophisticated phishing scam. Shortly after the incident, the company assured Reddit users that their accounts and passwords were safe.

The spear-phishing emails sent employees to a bogus website that looked like the company’s intranet gateway. The landing page was designed to trick people into giving their credentials and second-factor tokens.

On late (PST) February 5, 2023, we became aware of a sophisticated phishing campaign that targeted Reddit employees. As in most phishing campaigns, the attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens.

Source

Threat actors gained access to internal documents, code, dashboards, and business systems after stealing credentials from a single employee. The company’s main production infrastructure was not compromised.

According to the company, the phished employee voluntarily reported the incident and initiated an internal investigation. The security team swiftly responded to the incident and successfully locked out the intruders.

Blackcat Ransomware Claims the Attack and Demands a $4.5 Million Ransom

The BlackCat/ALPHV ransomware group has now taken credit for the cyberattack on the company in February. The hacking group says they took 80 gigabytes (archived) worth of data from Reddit. On April 13 and June 16 they tried to get in touch with Reddit, but were unsuccessful both times.

Operators broke into Reddit on February 5, 2023, and took 80 gigabytes (zipped) of data. Reddit was emailed twice by operators, once on April 13 and one again on June 16. There was no attempt to find out what we took.

This is again another instance of Steve Huffman undermining his own agenda. He makes an effort to appear tough, but we are all aware of what happens to individuals like him when businesses go public. such as Adam Neumann of WeWork. I told them in my first email that I would wait for their IPO to come along. But this seems like the perfect opportunity! We are very confident that Reddit will not pay any money for their data. But I am very happy to know that the public will be able to read about all the statistics they track about their users and all the interesting confidential data we took.

Source

Blackcat Ransomware Demand Reddit

Source

The group has set their ransom demand at $4.5 million, as per Security Affairs.

Did you know they also silently censor users? Along with artifacts from their GitHub! In our last email to them, we stated that we wanted $4.5 million in exchange for the deletion of the data and our silence. As we also stated, if we had to make this public, then we now demand that they also withdraw their API pricing changes along with our money or we will leak it. (…)We expect to leak the data. Pass on the torch, Spez, you’re no longer cut out for this kind of work.

Source

Companies like industrial explosives maker SOLAR INDUSTRIES INDIA, US defense contractor NJVC, gas pipeline Creos Luxembourg S.A., fashion giant Moncler, Swissport, NCR, and Western Digital are just some of the many that have fallen victim to the BlackCat/ALPHV ransomware gang since it began operations in November 2021.

If you want to learn more about: how ransomware spreads, how to mitigate and how to prevent ransomware attacks, check out the linked articles.

If you liked this piece, follow us on LinkedInTwitterFacebook, and YouTube for more cybersecurity news and topics.

Author Profile

Madalina Popovici

Digital PR Specialist

linkedin icon

Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE