Weekly Update 504

AndyC 26 May 2026

18 May 2026

It’s a hot topic, the old “pay or don’t pay” for hackers not to leak your data.

Weekly Update 504

Weekly Update 504

18 May 2026

It’s a hot topic, the old “pay or don’t pay” for hackers not to leak your data. Since recording this a few days ago, we’ve had Grafana go with the “no pay” approach, and I’ve seen a raft of commentary around other companies reaching “agreements”, which is a much politer way of saying “we paid extortionists a ransom”. I’m concerned about the normalisation of ransom payments, and using language that deflects from the criminal nature of it is a big part of that. Instructure’s exact words were that they “reached an agreement with the unauthorised actor involved”, which really waters down the severity of the whole thing. It looks like, for the time being, “pay or leak” is the new norm… along with nonsensical statements like “the data was returned to us” 🤷‍♂️

Listen on Apple Podcasts
Watch and Listen on YouTube
Download via RSS

Weekly update
Tweet
Post
Update
Email
RSS

Hi, I’m Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

What do you feel about this?

More Stories

Ghost CMS flaw abused to push ClickFix attacks on hundreds of sites

Ghost CMS flaw abused to push ClickFix attacks on hundreds of sites

AndyC 26 May 2026
Google adds open source Agent Executor to support AI agents in production

340 Million OnlyFans Profiles Allegedly Rebuilt from Leaks

AndyC 26 May 2026
Building a Cyber Incident Response Team: The CISO’s Guide

Building a Cyber Incident Response Team: The CISO’s Guide

AndyC 26 May 2026
Cybersecurity Leadership in 2026: Why Gartner’s Three Pillars Aren’t Enough

Cybersecurity Leadership in 2026: Why Gartner’s Three Pillars Aren’t Enough

AndyC 26 May 2026
SCADA Security Best Practices for CISOs

SCADA Security Best Practices for CISOs

AndyC 26 May 2026
Inside the Boardroom and Beyond: Reflecting on My Induction into the EC-Council C|CISO Hall of Fame 2025

Inside the Boardroom and Beyond: Reflecting on My Induction into the EC-Council C|CISO Hall of Fame 2025

AndyC 26 May 2026

You may have missed

Ghost CMS flaw abused to push ClickFix attacks on hundreds of sites

Ghost CMS flaw abused to push ClickFix attacks on hundreds of sites

AndyC 26 May 2026
Google adds open source Agent Executor to support AI agents in production

340 Million OnlyFans Profiles Allegedly Rebuilt from Leaks

AndyC 26 May 2026
⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

AndyC 26 May 2026
Hacker Lists 340M OnlyFans User Records for Sale

Hacker Lists 340M OnlyFans User Records for Sale

AndyC 26 May 2026
Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

AndyC 26 May 2026

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.