A ransomware group known as BlackCat or ALPHV is reportedly trying to extort $4.5 million from Reddit, and they have glommed on to the user controversy and boycott over recently announced pricing for Reddit's API.
It's likely not the same sort of ransom-demand situation as the one the city of Oakland faced earlier this year, in which the demand was refused and hackers leaked a trove of highly personal information about Oakland city employees and police on the dark web as a result. But ALPHV is seeking $4.5 million from Reddit, and they say that they have 80GB of confidential data that was taken during a breach in February.
As CNN reports, Reddit confirmed that a breach occurred in February, but it said that no user data was involved, and that only data about one employee was part of the breach.
Reddit CTO Chris Slowe described the "security incident" in a "TL;DR" post after the breach was addressed.
"Based on our investigation so far, Reddit user passwords and accounts are safe, but on Sunday night (pacific time), Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack," Slowe wrote. "They gained access to some internal documents, code, and some internal business systems."
Slowe explained, "Soon after being phished, the affected employee self-reported, and the Security team responded quickly, removing the infiltrator’s access and commencing an internal investigation."
ALPHV apparently made their original ransom demand in April, and on Friday the group escalated things by linking their demands to those of Reddit users and moderators who have recently been protesting a new revenue-generating policy surrounding third-party apps, which many users enjoy using to access Reddit forums.
Brett Callow, a threat analyst at cybersecurity firm Emsisoft, tells CNN that he reviewed the Friday posting, and he imagines it's partially bluster.
"I suspect that ALPHV doesn’t actually care about the API pricing," Callow says. "They simply want future victims to see how much ongoing harm they can cause to increase the likelihood of them deciding that payment is the least painful option."
ALPHV has apparently said that they don't expect Reddit to comply, and they intend to leak the data soon.
Reddit has been planning an initial public offering later this year, and the raising of prices for access to Reddit's API is part of an overall revenue-growth strategy. Elon Musk did something similar with Twitter's API when he took over there last fall.
Following the phishing attack and ransom demand that took down Oakland's city government computers in mid-February, the hackers leaked all of their stolen files in early March when their demand wasn't met. Oakland was following best practices around these attacks, so as not to encourage more similar hacking operations, but the city now faces a class-action lawsuit from city employees whose private data is now out there.