The Week in Ransomware – June 23rd 2023 – The Reddit Files

Reddit

It was a relatively quiet week regarding ransomware news, with the BlackCat ransomware gang extorting Reddit and the ongoing MOVEit Transfer data breaches being the main focus.

This week the BlackCat gang claimed to be behind a Reddit data-theft attack that the company previously disclosed in February 2023.

In February, Reddit announced that it suffered a breach where threat actors gained access to some of its systems and could steal source code and a limited amount of advertiser data.

However, in an update on the BlackCat data leak site, the threat actors claim they stole 80 GB of compressed data during the attack and now plan on leaking the data after they say Reddit ignored a $4.5 million ransom demand.

"The Reddit Files" post on the BlackCat data leak site
“The Reddit Files” post on the BlackCat data leak site
Source: BleepingComputer

While no encryption was utilized in this attack, it is noteworthy as the extortion group is a known ransomware operation.

Currently, no Reddit data has been leaked by the extortion gang. However, they stated, “We expect to leak the data.”

Regarding the MOVEit data breaches, the situation has escalated with the US government issuing an up to $10 million reward for information on the Clop ransomware operation being linked to a foreign government after it was revealed they breached numerous federal agencies.

However, the Clop gang continues to say they care nothing for politics and are only in it for the money, claiming to delete any government data and continuing to name new organizations impacted by the hacks.

On the flip side, impacted organizations continue to come forward, disclosing that they were breached and what information was stolen.

Today, three companies disclosed that they were impacted by a MOVEit breach at their provider PBI Research Services (PBI) disclosed, where the attackers stole the data of 4.75 million people.

As expected, this massive breach has led to a class action lawsuit against Progress Software, the developers of MOVEit Transfer.

Finally, Sophos has released the first episode of the ‘Think You Know Ransomware?’ docuseries on YouTube

Contributors and those who provided new ransomware information and stories this week include: @demonslay335, @BleepinComputer, @fwosar, @serghei, @billtoulas, @Seifreed, @malwrhunterteam, @Ionut_Ilascu, @LawrenceAbrams, @NCCGroupplc, @NCSC, @pcrisk, @vxunderground, @AlvieriD, and @BrettCallow.

June 17th 2023

US govt offers $10 million bounty for info on Clop ransomware

The U.S. State Department’s Rewards for Justice program announced up to a $10 million bounty yesterday for information linking the Clop ransomware attacks to a foreign government.

June 18th 2023

Reddit hackers threaten to leak data stolen in February breach

The BlackCat (ALPHV) ransomware gang is behind a February cyberattack on Reddit, where the threat actors claim to have stolen 80GB of data from the company.

June 19th 2023

Iowa’s largest school district confirms ransomware attack, data theft

Des Moines Public Schools, Iowa’s largest school district, confirmed today that a ransomware attack was behind an incident that forced it to take all networked systems offline on January 9, 2023.

June 20th 2023

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .bhtw and .bhui extensions.

June 21st 2023

NCC Group Monthly Threat Pulse – May 2023

New analysis from NCC Group’s Global Threat Intelligence team has revealed that ransomware attacks are soaring, with 436 victims in May. The new figures represent a 24% surge compared to April’s figure of 352 and a 56% increase compared to May 2022.

Sophos releases ransomware docuseries

Sophos has released the first episiode of their ‘Think You Know Ransomware?’ docuseries on YouTube.

New STOP ransomware variant

PCrisk found a new STOP ransomware variant that appends the .bhgr extension.

June 22nd 2023

MOVEit Data Breach Attacks Prompt Class-Action Lawsuit Against Progress Software

Progress Software, the maker of MOVEit cloud hosting and file-transfer services, is facing a class-action lawsuit in connection with cyberattacks that resulted from a software vulnerability.

Cyber Threat Report: UK Legal Sector

An updated report from the NCSC explaining how UK law firms – of all sizes – can protect themselves from common cyber threats.

June 23rd 2023

MOVEIt breach impacts GenWorth, CalPERS as data for 3.2 million exposed

PBI Research Services (PBI) has suffered a data breach with three clients disclosing that the data for 4.75 million people was stolen in the recent MOVEit Transfer data-theft attacks.

That’s it for this week! Hope everyone has a nice weekend!


Original Source



A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

 To keep up to date follow us on the below channels.