Ransomware Gang Targets BBC Reporter

A ransomware gang’s brazen attempt to recruit a BBC reporter highlights the growing threat of insider attacks on major institutions.

Story Highlights

The Medusa ransomware gang attempted to recruit BBC’s Joe Tidy as an insider.
The gang offered a share of the ransom for access to BBC systems.
The BBC’s security team thwarted the attempt, protecting sensitive data.
This incident underscores the rising threat of insider recruitment by hackers.

BBC Reporter Targeted by Ransomware Gang

In July 2025, BBC cyber correspondent Joe Tidy received an unexpected message via Signal from a representative of the Medusa ransomware gang. The hacker, known as “Syndicate,” sought to recruit Tidy as an insider, offering him a share of any ransom collected in exchange for access to the BBC’s internal systems. This bold attempt highlights the evolving tactics of ransomware gangs in targeting high-profile figures to bypass security measures.

The offer from the Medusa gang escalated quickly, tempting Tidy with a potential 25% share of the ransom. This approach is a stark example of how ransomware-as-a-service operations are incentivizing insiders to aid in their cyberattacks. Despite the allure of financial gain, Tidy engaged with the hacker purely for intelligence-gathering purposes. However, the situation soon escalated to technical probing and a multi-factor authentication (MFA) bombing attempt.

🚨Hackers Tried to Recruit BBC Reporter as Insider.
“You'll never need to work again”

On 29 September 2025, BBC cyber correspondent Joe Tidy revealed that a criminal calling himself “Syndicate,” claiming ties to the Medusa ransomware group, tried to recruit him as an insider.… pic.twitter.com/94evyL0MrH

— Hackmanac (@H4ckmanac) September 29, 2025

Security Response and Aftermath

The BBC’s security team acted swiftly to protect its systems following the initial contact. They intervened to disconnect Tidy’s account, preventing any breach of the organization’s systems. The hacker, realizing the futility of the attempt, ceased communication and deleted their Signal account. This incident serves as a critical reminder of the importance of robust security protocols and the need for organizations to remain vigilant against such insider recruitment efforts.

The public disclosure of the incident by the BBC in September 2025 has drawn attention to the tactics employed by ransomware gangs. The transparency shown by the BBC in handling this situation may serve as a deterrent to future insider recruitment attempts, while also prompting other organizations to review and strengthen their own cybersecurity measures.

Implications for Cybersecurity and Media Organizations

The Medusa gang’s attempt to enlist a journalist as an insider threat underscores the increasing complexity of cyber threats faced by media organizations. This incident raises awareness about the need for heightened vigilance and improved security measures across the industry. As ransomware gangs continue to evolve their tactics, organizations must prioritize employee awareness and technical safeguards to counter such threats effectively.

The implications of this incident are far-reaching, not only highlighting the potential financial losses associated with successful ransomware attacks but also the broader erosion of trust in media organizations’ cybersecurity capabilities. It emphasizes the urgent need for a collective response to enhance industry-wide security protocols and protect against the rising threat of insider recruitment by cybercriminals.

Watch the report:Reporter offered money by cyber criminals to hack BBC | BBC News