Insider threats rarely draw public attention in cyber-crime. Few employees encounter them. Even fewer speak about their experiences.
I became one of those rare cases. A criminal group reached out to me and revealed how hackers attempt to recruit insiders.
The first contact
The approach was sudden. “If you are interested, we can offer you 15% of any ransom payment if you give us access to your PC.”
The message came from someone calling themselves Syndicate. They contacted me in July through the encrypted app Signal. I had never heard of them, but I immediately understood their purpose.
They wanted me to help them break into my employer’s systems. The plan was simple: steal data or deploy malware, then demand ransom. I would secretly take a share.
A global problem
I already knew such offers existed. Only days earlier, police in Brazil arrested an IT worker accused of selling login details. The case was tied to a $100m loss at a bank.
I consulted a senior editor and then decided to play along. I wanted to see how these shadowy deals unfold, especially as cyber-attacks disrupt daily life worldwide.
Syndicate soon changed their name to Syn and pressed their case.
The pitch grows
Syn explained that I should provide my login credentials and security code. Their team would hack my employer and demand payment in bitcoin. I would earn a cut.
The offer quickly expanded. “We aren’t sure how much you earn but what if you took 25% of the final negotiation? We extract 1% of total revenue. You would never need to work again.”
Syn said their team could demand tens of millions. Authorities advise against ransom payments, but Syn promised me wealth and secrecy.
Deals with insiders
Syn insisted they had succeeded before. He named two victims from this year: a UK healthcare firm and a US emergency services provider.
“You’d be surprised at the number of employees who would provide us access,” he said.
He introduced himself as “reach out manager” for Medusa, a ransomware-as-a-service group. He claimed to be western and the only English speaker in the gang.
Medusa operates like a criminal platform. Affiliates sign up and use its tools to hack organisations. A research report suggested its leaders work from Russia or allied states.
The group avoids Russian targets and promotes itself in Russian-language dark web forums.
Rising pressure
Syn shared a US warning about Medusa, which said the gang had attacked more than 300 victims in four years.
I expressed doubts. He responded with Medusa’s darknet site and invited me to contact them on Tox, a secure messenger. He sent a recruitment page and urged me to deposit 0.5 bitcoin, worth about $55,000.
He described the sum as guaranteed payment once I shared my login. “We aren’t bluffing or joking,” he said. “We are only for money.”
He assumed I had deep technical access. I did not. He asked for information I could not provide and sent me code to run on my laptop. I refused.
Escalation begins
By the third day, I stalled, planning to brief the security team on Monday. Syn grew frustrated.
“When can you do this? I’m not a patient person,” he warned. “I guess you don’t want to live on the beach in the Bahamas?”
He set a Monday midnight deadline. Then he escalated.
My phone started buzzing with login prompts. Every minute, the security app asked me to approve access.
I recognised the tactic: MFA bombing. Hackers overwhelm victims with notifications until they approve one. Uber was hacked this way in 2022.
It was disturbing to endure directly. The chat had escalated into direct pressure on my phone. It felt like criminals pounding on my door.
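The MFA bombing pattern described above can be spotted in authentication logs. The following Python sketch is an added example, not part of the original account: it flags a burst of unapproved push prompts and, more urgently, an approval that arrives right after such a burst. The log format, the user names, and the window and threshold values are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed: unapproved prompts in WINDOW that make a burst

# Constructed sample log (hypothetical format): ISO timestamp, user, prompt outcome.
SAMPLE_LOG = """\
2025-01-06T09:02:10 bob timeout
2025-01-06T09:02:40 bob approved
2025-01-06T21:00:00 alice denied
2025-01-06T21:01:00 alice timeout
2025-01-06T21:02:00 alice denied
2025-01-06T21:03:00 alice timeout
2025-01-06T21:04:00 alice denied
2025-01-06T21:05:00 alice timeout
2025-01-06T21:06:00 alice approved
"""

def parse(log):
    """Yield (timestamp, user, outcome) for each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            ts, user, outcome = line.split()
            yield datetime.fromisoformat(ts), user, outcome

def detect(events):
    """Return alerts as (timestamp, user, kind, unapproved_prompts_in_window)."""
    recent = defaultdict(deque)  # user -> timestamps of recent unapproved prompts
    alerts = []
    for ts, user, outcome in sorted(events):
        q = recent[user]
        while q and ts - q[0] > WINDOW:  # forget prompts older than the window
            q.popleft()
        if outcome == "approved":
            # Approval right after a burst: to the identity system this is an
            # ordinary successful login, so the preceding prompts are the signal.
            if len(q) >= THRESHOLD:
                alerts.append((ts, user, "approval_after_burst", len(q)))
            q.clear()
        else:
            q.append(ts)
            if len(q) == THRESHOLD:  # fire once, when the burst crosses the threshold
                alerts.append((ts, user, "push_burst", len(q)))
    return alerts

if __name__ == "__main__":
    for ts, user, kind, n in detect(parse(SAMPLE_LOG)):
        print(ts.isoformat(), user, kind, n)
```

On the constructed sample, a single timeout followed by an approval raises nothing, while the once-a-minute prompts raise a burst alert and then a higher-priority alert when one is finally approved.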
Cutting the link
I knew a single mistaken click would give them access. To the system, it would appear as a normal login. From there, they could search for sensitive data.
I contacted the security team. We agreed to cut all my access: no email, no intranet, no tools.
Later that evening, the hackers messaged me. “The team apologises. We were testing your login page and are sorry if this caused issues.”
I replied that I was locked out and angry. Syn repeated his offer. I ignored him. Days later, he deleted his Signal account.
A hard lesson
Eventually, my access was restored with stronger protections. The episode gave me a rare look into insider threat tactics.
Hackers constantly adapt and target insiders with bold strategies. Before this, I never truly understood the danger.
It was a hard lesson in the risks every organisation faces.