The ALPHV/BlackCat ransomware gang, supposedly tied to Russia, used its dark web blog, a platform notorious for publicizing recent victims, to release a post about Reddit. The gang claimed to have covertly extracted around 80 GB of data during a security breach earlier this year.
Back in February, Reddit announced that a highly specialized and precisely orchestrated phishing attack had led to its systems being compromised. The perpetrators managed to seize a range of internal documents, code, and a few internal business systems.
ALPHV/BlackCat claimed that its members infiltrated Reddit’s systems on February 5th and contacted the company about the data theft on two separate occasions. Reddit, however, appeared to make no attempt to determine what data had been stolen.
ALPHV seems to be capitalizing on the current backlash against Reddit, which followed the company’s announcement of new pricing for Application Programming Interface (API) access, a decision that could put third-party Reddit applications, such as Apollo, out of operation.
Reddit’s user base launched a digital strike in opposition to the proposed pricing plan, which led to the shutdown of thousands of subreddits, Reddit-centric forums specializing in various topics.
In its final email to Reddit, the ransomware gang demanded $4.5 million for the data’s removal and its silence. According to a blog post by ALPHV/BlackCat, the gang said that if the situation became public, it would insist on the withdrawal of the API pricing changes in addition to the ransom, and would leak the data otherwise.
Reddit was asked for comment but did not respond prior to the publication of this article.
What is ALPHV/BlackCat ransomware?
The ALPHV/BlackCat ransomware first appeared in 2021. The group, like many other illicit entities, operates a ransomware-as-a-service (RaaS) venture, offering malware subscriptions to criminals. Its use of the Rust programming language has been noted.
A study by Microsoft found that threat actors who started to employ the malware are associated with other prominent ransomware groups like Conti, LockBit, and REvil.
According to the FBI, there are indications that the money laundering affiliates of the ALPHV/BlackCat cartel are connected to the Darkside and Blackmatter ransomware cartels, suggesting a well-entrenched network of operatives in the RaaS industry.
Recently, ALPHV/BlackCat has emerged as one of the most active players in the ransomware scene. According to cybersecurity analyst ANOZR WAY, the gang was behind approximately 12% of all attacks in 2022.
The gang’s focus appears to have recently shifted towards professional service providers. In the middle of May, they announced a breach of the Mazars Group, an international firm specializing in audit, accounting, and consulting.
Earlier in the current month, the gang targeted Casepoint, a legal technology platform used by the United States Courts, the US Securities and Exchange Commission (SEC), and the Department of Defense (DoD).