Wednesday, 1st of September 2025
A BBC correspondent received an offer via Signal messenger from an individual claiming to represent the Medusa ransomware gang. Medusa is a ransomware-as-a-service operation - any criminal affiliate can sign up to its platform and use it to hack organisations. Medusa's administrators are thought to operate out of Russia or one of its allied states.
The proposition included 25% of potential ransom proceeds in exchange for network access into the BBC system. The criminals even offered 0.5 bitcoin (approximately $55,000) as an upfront guarantee.
The reporter then became a victim of "MFA bombing" - flooding his phone with authentication requests. The reporter says he was "too cautious to open up my chats with them in case I accidentally clicked accept. This would have given the hackers immediate access to my BBC accounts. The security system would not have flagged it as malicious as it would have looked like a normal login or password reset request from me. After that the hackers could have begun searching out access to sensitive or important BBC systems."
The incident was reported to BBC security teams, resulting in immediate system disconnection and after a few days the criminals erased all chats with the reporter.
The case of this reporter was used as training material by the BBC. It highlights the importance not only of security and privacy awareness training, but also of employee loyalty and employee satisfaction in regard to the employer.
