A hacker group known as BlackCat (ALPHV) is claiming responsibility for a February cyberattack on Reddit, in which they say they stole 80GB of data. The threat actors have attempted to contact Reddit twice to demand a ransom of $4.5 million, but have not received a response.
If Reddit does not pay the ransom, BlackCat has threatened to leak the data, which is said to include limited contact information for company contacts and current and former employees and some details about the company’s advertisers.
Reddit has confirmed the original leak after an employee fell victim to a phishing attack.
Reddit restricts access to the platform’s API and content
Among BlackCat’s demands are for Reddit to drop a controversial developer fee system that the company is trying to impose. As Reddit prepares for an IPO, it announced that it would begin charging entities $12,000 per 50 million requests.
The fees were first announced in April, and are due to go into effect by July 1.
The company is not profitable and generates revenue mainly through advertising today.
To put this into perspective, charging for the API calls killed the Reddit community’s favorite app, Apollo. The app will shut down by June 30 due to exorbitant costs.
“Apollo made 7 billion requests last month, which would put it at about 1.7 million dollars per month, or 20 million US dollars per year,” the developer said in a Reddit post about the change.
Countless groups on Reddit protested the fees by going “dark” in their unique subreddits. Others started posting pornography and other not-safe-for-work (NSFW) content since Reddit cannot monetize subreddits with NSFW content.
Who is BlackCat (ALPHV)?
BlackCat is a relatively new ransomware group that first emerged in November 2021. The group is known for using a double extortion technique, in which they steal data from victims and then threaten to leak it if the ransom is not paid.
BlackCat has been linked to a number of high-profile cyberattacks, including attacks on Amazon Ring, Western Digital, and Travelex.
BlackCat has consistently been listed among the top ten most active ransomware groups by multiple research entities and was linked in an April 2022 FBI advisory to now-defunct BlackMatter/DarkSide ransomware.
