'We Expect to Leak the Data': Reddit Hackers Demand $4.5 Million and API Pricing Changes But Say They Doubt The Company Will PayThe ransomware group BlackCat (also known as ALPHV) is threatening to release 80 gigabytes of data if Reddit doesn't meet the hackers' demands.
It hasn't been an easy month forReddit. Last Monday, thousands of Reddit forumswent darkin protest against the company's new API pricing that could cause third-party apps that use the platform, like Apollo, to shut down.
Now, Reddit is the target of the hacking group BlackCat (also known as ALPHV), who claim to have stolen 80 gigabytes of data (which they say they will leak if Reddit doesn't pay $4.5 million), the hackers wrote in a dark web post on Saturday,sharedby researcher Dominic Alvieri on Twitter.
The ransomware group claims it was behind theFebruary phishing attackon Reddit, where the stolen data came from. A spokesperson for Reddit has confirmed to狗万官方that the recent threat by BlackCat relates to the February incident and is "not a new hack."
The Reddit Files.@Reddithttps://t.co/cIUyCWwMlPpic.twitter.com/gyHA7lplvG
— Dominic Alvieri (@AlvieriD)June 17, 2023
The spokesperson added that user data such as passwords were not accessed, but the hackers did "gain access to some internal documents, code, and some internal business systems."Reddit did not indicate whether it intends to pay the ransom. BlackCat, however, is "very confident" that Reddit will "not pay any money for their data," the group wrote in the post: "We expect to leak the data."
Related:Amazon Ring Is the Latest Target of Notorious Ransomware Gang
It's not just millions that the hackers are after, either. In addition to the $4.5 million ransom, BlackCat has demanded that Reddit undo the policy changes to its API, which sparked the site-wide protest.
However, some experts are skeptical of the ransomware group's incentive to support the protestors' cause.
"I suspect that ALPHV doesn't actually care about the API pricing," Brett Callow, threat analyst at cybersecurity firm Emsisoft toldCNN. "They simply want future victims to see how much ongoing harm they can cause to increase the likelihood of them deciding that payment is the least painful option."
Related:Cyber Attacks Are on the Rise in Hospitals, Incidences Have More Than Doubled in 5 Years