Months after the devastating cyber attack on Reddit, the ALPHV/BlackCat ransomware group has come forward to share details about their failed negotiations with the social news aggregation and discussion website. The attack, which took place on February 5, 2023, resulted in the exfiltration of 80 GB of confidential data, according to the ransomware group.
In a recent post on their website, BlackCat revealed that they had contacted Reddit staff twice in an attempt to negotiate a ransom payment. The first contact occurred on April 13, indicating that the hackers had remained on the server for over two months, stealing as much data as they could. The second contact took place on June 16, but Reddit declined to engage in discussions regarding the ransom demands.
The BlackCat group expressed frustration with Reddit’s response, stating that there was no attempt to find out what data had been taken. They accused Steve Huffman, CEO and Co-Founder of Reddit, of undermining his own agenda. This revelation comes at a time when Huffman is facing protests from moderators over a price hike in accessing data. While addressing the protests, Huffman emphasized the importance of dissent but stated that the business decision would not change.
The Reddit cyber attack was initiated through a phishing email that targeted the company’s staff. The email contained links to a duplicate website resembling Reddit’s internal network gateway. Fortunately, an employee noticed the attack and promptly alerted the company, leading to the revocation of the hacker’s access. However, the hackers had already gained entry to the company’s internal systems, stealing login credentials, two-factor authentication tokens, confidential documents, source codes, and accessing internal dashboards and business systems.
Although the core systems of Reddit were not breached, the contact information of the company’s staff and advertisers was compromised. This has raised concerns about potential data misuse and privacy breaches.
As negotiations with the hackers failed, BlackCat claimed to have stolen various data from the Reddit cyber attack, including user statistics, a list of users restricted from the platform, and artifacts from its GitHub repository. The group has the stolen data in a ZIP format and made a ransom demand of $4.5 million to delete the data and refrain from mentioning the exfiltration.
The Cyber Express reached out to Reddit for a statement regarding the cyber attack and negotiations, but no response has been received as of now.
It is important to note that this report is based on internal and external research obtained through various means, and the information provided is for reference purposes only. Users bear full responsibility for their reliance on this information, and The Cyber Express assumes no liability for the accuracy or consequences of its use.
The Reddit cyber attack serves as a stark reminder of the constant threat posed by cybercriminals and the need for robust cybersecurity measures to protect sensitive data. It is crucial for organizations to stay vigilant, regularly update their security systems, and educate their employees about phishing scams and other cyber attack techniques. Only by taking these proactive steps can we hope to minimize the impact of such attacks in the future.