Reporter Joe Tidy was offered money if he would help cyber criminals access BBC systems.
Like many things in the shadowy world of cyber-crime, an insider threat is something very few people have experience of.
Even fewer people want to talk about it.
But I was given a unique and worrying experience of how hackers can leverage insiders when I myself was recently propositioned by a criminal gang.
"If you are interested, we can offer you 15% of any ransom payment if you give us access to your PC."
That was the message I received out of the blue from someone called Syndicate who pinged me in July on the encrypted chat app Signal.
I had no idea who this person was but instantly knew what it was about.
I was being offered a portion of a potentially large amount of money if I helped cyber criminals access BBC systems through my laptop.
They would steal data or install malicious software and hold my employer to ransom and I would secretly get a cut.
I had heard stories about this kind of thing.
In fact, only a few days before the unsolicited message, news emerged from Brazil that an IT worker there had been arrested for selling his login details to hackers which police say led to the loss of $100m (£74m) for the banking victim.
I decided to play along with Syndicate after taking advice from a senior BBC editor. I was eager to see how criminals make these shady deals with potentially treacherous employees at a time when cyber-attacks around the world are becoming more impactful and disruptive to everyday life.
I told Syn, who had changed their name mid-conversation, that I was potentially interested but needed to know how it works.
They explained that if I gave them my login details and security code then they would hack the BBC and then extort the corporation for a ransom in bitcoin. I would be in line for a portion of that payout.
They upped their offer.
"We aren't sure how much the BBC pays you but what if you took 25% of the final negotiation as we extract 1% of the BBC's total revenue? You wouldn't need to work ever again."
Syn estimated that their team could demand a ransom in the tens of millions if they successfully infiltrated the corporation.
The BBC has not publicly taken a position on whether or not it would pay hackers but advice from the National Crime Agency is not to pay.
Still, the hackers continued their pitch.
An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned.
Update 7/6/25: Added Ingram Micro's confirmation it suffered a ransomware attack below. Also updated ransom note with clearer version.
An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned.
Ingram Micro is one of the world's largest business-to-business technology distributors and service providers, offering a range of solutions including hardware, software, cloud services, logistics, and training to resellers and managed service providers worldwide.
Since Thursday, Ingram Micro's website and online ordering systems have been down, with the company not disclosing the cause of the issues.
BleepingComputer has now learned that the outages are caused by a cyberattack that occurred early Thursday morning, with employees suddenly finding ransom notes created on their devices.
The ransom note, seen by BleepingComputer, is associated with the SafePay ransomware operation, which has become one of the more active operations in 2025. It is unclear if devices were actually encrypted in the attack.
It should be noted that while the ransom note claims to have stolen a wide variety of information, this is generic language used in all SafePay ransom notes and may not be true for the Ingram Micro attack.
A hacker claims to have stolen thousands of internal documents with user records and employee data after breaching the systems of Orange Group, a leading French telecommunications operator and digital service provider.
#Breach #Computer #Data #Email #Extortion #InfoSec #Jira #Leak #Orange #Ransom #S.A. #Security
The cyberattack over Labor Day weekend severely hampered operations at Seattle's airport, which is managed by the Port of Seattle.
Ransomware actors have had a rough start this year, as stats from cybersecurity firm Coveware show that the trend of victims declining to pay the cybercriminals continues and has now reached a new record low of 28%.
As the damage caused by ransomware and profits flowing to attackers reaches record levels, a panel of cybersecurity and policy experts reviewed what it might take
A group that operates through a data leak blog called Ransomed tells its alleged victims that shelling out an extortion payment is smarter than facing a government fine for a data breach.
A threat actor claims to be selling public and private data of 400 million Twitter users scraped in 2021 using a now-fixed API vulnerability. They're asking $200,000 for an exclusive sale.
Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the “patient.” The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading.
Hackers released data from Los Angeles Unified School District on Saturday, a day after Supt. Alberto Carvalho said he would not negotiate with or pay a ransom to the criminal syndicate.
Maastricht University has doubled its money thanks to a ransomware attack three years ago. The university plans to help struggling students with its new funds.
Chipmaker has until Friday to comply or see its crown-jewel source code released.
