BlackCat threatens to leak Reddit data.
By Rachel Gelfand, CyberWire staff writer.
Jun 20, 2023

Social news aggregation giant Reddit has been victimized in a ransomware attack, claimed by members of the BlackCat/ALPHV gang.

Members of the BlackCat/ALPHV gang claim to be behind a February attack on the social news aggregator and discussion platform Reddit, BleepingComputer reports. The gang is now threatening to release some 80 gigabytes of data they claim to have lifted from the site.

A February hack caused by a phishing attack.

On the ninth of February, Reddit disclosed that its systems had been hacked on the fifth. The attack, Security Affairs reports, was a “highly-targeted” phishing attack against company employees. The phishing messages were said to redirect to a faux landing page impersonating the company’s intranet gateway, intended for credential harvesting and the lifting of second-factor tokens. Passwords and user accounts were not compromised, nor were the “primary production systems” of the company, says the outlet. BleepingComputer shares that Reddit is comparing this breach to a January breach of game developer Riot Games’ systems that allowed for system access and the lifting of source code for different League of Legends game modes, alongside its anti-cheat system.

The gang claims to have contacted Reddit on two occasions, in April and June, demanding $4.5 million for the deletion of the stolen data, but they say they have not received a response. TechCrunch adds that the hackers also demand that the company withdraw its controversial changes to its API pricing plans.

Recent activity by BlackCat/ALPHV.

The BlackCat gang, also known as ALPHV, was behind the exfiltration of ten terabytes of data from data storage provider Western Digital in March, says TechCrunch. Also in March, the gang threatened to leak data stolen from Ring, the video surveillance giant led by Amazon. The gang has been active since at least November of 2021, with a long laundry list of victims and an extremely broad range of ransom demands, varying anywhere from tens of thousands to tens of millions of dollars, Security Affairs writes.

An expert weighs in on a role for user training.

James McQuiggan, Security Awareness Advocate at KnowBe4, noted the importance of security awareness training and phishing simulations in defense against social engineering attacks:

"Organizations must continue to take a stand and avoid paying extortion-style ransoms after cybercriminals gain access to their infrastructure, data and systems. Security awareness training and phishing simulations reduce the risk of a social engineering attack. While nothing in cybersecurity defense measures is a silver bullet, these methods can indeed reduce risk. Within every organization, users need to be considered as having keys to the electronic front door, where they can let the cybercriminals in with a click of a link. Security professionals want to ensure that everyone is aware of this and that they can perform their tasks with proper communication and monitoring in case someone accidentally leaves the electronic front door open."