Medusa Ransomware Gang Targets BBC Correspondent for Insider Access

Timeline

1. 29.09.2025 20:31 1 articles · 11h ago

   Medusa Ransomware Group Attempts to Recruit BBC Correspondent

   In July 2025, the Medusa ransomware group contacted BBC cybersecurity correspondent Joe Tidy over Signal, offering him a financial incentive to act as an insider threat. The group planned to use Tidy's laptop to breach the BBC's network, steal valuable data, and demand a ransom. Tidy reported the incident to the BBC's information security team and was disconnected from the organization's infrastructure. The threat actors used MFA bombing tactics to try and gain access but were unsuccessful.

   Show sources

   • Ransomware gang sought BBC reporter’s help in hacking media giant — www.bleepingcomputer.com — 29.09.2025 20:31

   Open in new tab

Information Snippets

• The Medusa ransomware group targeted a BBC correspondent, Joe Tidy, to gain insider access to the BBC's network.

  First reported: 29.09.2025 20:31
  1 source, 1 article
  Show sources

  • Ransomware gang sought BBC reporter’s help in hacking media giant — www.bleepingcomputer.com — 29.09.2025 20:31

• The threat actors offered Tidy 15% of the ransom, later increasing the offer to 25%, for providing initial access.

  First reported: 29.09.2025 20:31
  1 source, 1 article
  Show sources

  • Ransomware gang sought BBC reporter’s help in hacking media giant — www.bleepingcomputer.com — 29.09.2025 20:31

• The group planned to steal valuable data and demand a ransom in the tens of millions.

  First reported: 29.09.2025 20:31
  1 source, 1 article
  Show sources

  • Ransomware gang sought BBC reporter’s help in hacking media giant — www.bleepingcomputer.com — 29.09.2025 20:31

• The recruitment attempt involved multiple offers and promises of anonymity.

  First reported: 29.09.2025 20:31
  1 source, 1 article
  Show sources

  • Ransomware gang sought BBC reporter’s help in hacking media giant — www.bleepingcomputer.com — 29.09.2025 20:31

• Tidy reported the incident to the BBC's information security team and was disconnected from the organization's infrastructure.

  First reported: 29.09.2025 20:31
  1 source, 1 article
  Show sources

  • Ransomware gang sought BBC reporter’s help in hacking media giant — www.bleepingcomputer.com — 29.09.2025 20:31

• The threat actors used MFA bombing tactics to try and gain access but were unsuccessful.

  First reported: 29.09.2025 20:31
  1 source, 1 article
  Show sources

  • Ransomware gang sought BBC reporter’s help in hacking media giant — www.bleepingcomputer.com — 29.09.2025 20:31

• Medusa ransomware has been active since January 2021 and is known for double-extortion attacks.

  First reported: 29.09.2025 20:31
  1 source, 1 article
  Show sources

  • Ransomware gang sought BBC reporter’s help in hacking media giant — www.bleepingcomputer.com — 29.09.2025 20:31

• CISA reported over 300 attacks by Medusa on critical infrastructure organizations in the United States.

  First reported: 29.09.2025 20:31
  1 source, 1 article
  Show sources

  • Ransomware gang sought BBC reporter’s help in hacking media giant — www.bleepingcomputer.com — 29.09.2025 20:31

• Medusa recruits initial access brokers through cybercrime forums and darknet marketplaces.

  First reported: 29.09.2025 20:31
  1 source, 1 article
  Show sources

  • Ransomware gang sought BBC reporter’s help in hacking media giant — www.bleepingcomputer.com — 29.09.2025 20:31

• Ransomware gangs like LockBit have previously explored the potential of rogue employees for initial access.

  First reported: 29.09.2025 20:31
  1 source, 1 article
  Show sources

  • Ransomware gang sought BBC reporter’s help in hacking media giant — www.bleepingcomputer.com — 29.09.2025 20:31