extortion

One IT Admin Locked 254 Servers. T-Mobile Lost Another Insider. Same Day.

John Z Black Apr 4, 2026

Incidents & Breaches #insider-threat #t-mobile #privileged-access #extortion #data-breach

A Kansas City engineer held his employer hostage for 20 bitcoin while T-Mobile quietly filed yet another insider breach. Privileged access is still the hardest problem in security.

ShinyHunters Just Hit the EU. Here's Why They Keep Getting Away With It.

John Z Black Mar 31, 2026

Incidents & Breaches #shinyhunters #european-commission #data-breach #aws #cloud-security #ticketmaster #europa-eu #extortion

The Insider Front Door: How Legitimate Access Keeps Becoming Extortion

John Z Black Mar 21, 2026

Incidents & Breaches #insider-threat #north-korea #extortion #access-management #workforce-fraud #contractor-risk

A data analyst extorted his employer for $2.5M using access his job gave him. Three Americans helped North Korean operatives infiltrate US companies as fake IT workers. Different crimes, same root problem.

After Stryker: Why Incident Response Now Starts in the Management Plane

John Z Black Mar 20, 2026

Security Operations & Resilience #incident-response #intune #control-plane-security #extortion #law-enforcement-coordination #iran-linked-threats

The Stryker fallout, Intune warnings, and leak-site disruption show a hard truth: incident response now lives or dies on control-plane integrity and coordinated external action.

The Ransomware 'Negotiator' Was Running the Attack: DigitalMint's $75M Double Cross

John Z Black Mar 13, 2026

Ransomware #ransomware #incident-response #digitalmint #blackcat #vendor-risk #extortion

Federal charges reveal DigitalMint's ransomware negotiators were allegedly running the attacks themselves. The second employee charged in the same operation. This wasn't a rogue employee. It was the business model.