This week on The Awareness Angle:
- Harrods hit by another data breach as cyberattacks continue to pile up, with Renault, Dacia, and Asahi all reporting major incidents
- Hackers behind the nursery data leak say they’ve deleted stolen images after public backlash, while criminals try to recruit a BBC journalist to help breach his own employer
- Ransomware victims reveal the true cost of paying up, and Google warns of new extortion emails targeting Oracle customers
Plus: UK users blocked from Imgur, Roblox removes 8 million games to boost child safety, the BBC covers burnout in cyber, and the government pushes Apple for access to UK user data
Listen on your favourite podcast platform - Spotify, Apple Podcasts and YouTube
Cyber Security Awareness Month videos with Hoxhunt
We’ve teamed up with Hoxhunt again this year to create a series of short, snappy videos for Cyber Security Awareness Month. Each one is just one to two minutes long and covers social engineering in messaging apps, the psychology behind social engineering, how AI is powering spear phishing, and how to spot deepfakes. They’re quick, practical, and perfect for sharing with your colleagues, friends, or family. You can grab them directly from the Hoxhunt toolkit, and there are unbranded versions if you’d like to use them in your own awareness programmes.
Get the toolkit here - https://hoxhunt.com/cybersecurity-awareness-month-toolkit-2025
This week's stories...
Hackers Offered a BBC Journalist 15% to Betray His Employer
Watch the discussion - https://youtu.be/5ljNIpdbGuA?t=374
It sounds like a movie plot, but it really happened. BBC cyber correspondent Joe Tidy was recently contacted by a criminal gang offering him a 15% share of any ransom payment, if he’d give them access to his BBC computer.
“Does the BBC even pay you much? Maybe ITV would pay you more — we can retire you.”
The gang even reassured him that the BBC’s security team “wouldn’t notice” and that they’d keep his secret. In reality, it was a classic insider recruitment attempt, a tactic we’re seeing more of as attackers realise that the easiest way into a network is through someone who already works there.
Joe, of course, didn’t take the bait. Instead, he reported it and shared screenshots in a BBC News article, showing how targeted, manipulative, and personal these approaches can be.
This story hits close to home for every organisation. Insider risk doesn’t always start with anger or intent; it can also begin with financial pressure, curiosity, or a single convincing message.
Read more - https://www.bbc.co.uk/news/articles/c3w5n903447o
∠The Awareness Angle
- Psychology over technology - Attackers don’t need exploits if they can exploit people.
- Money and manipulation - Offers of wealth, status, or revenge are easy hooks when someone’s burnt out or undervalued.
- Culture as defence - Build an environment where people feel trusted, supported, and able to speak up early.
When Hackers Have a Conscience
Watch the discussion - https://youtu.be/5ljNIpdbGuA?t=749
It’s not often you see cybercriminals say sorry, but that’s exactly what happened this week. The group behind the Kido Schools ransomware attack, who leaked photos and data of nursery children, have now apologised and said they’ve deleted the material after huge public backlash.
Just days earlier, they were releasing stolen images and contacting parents directly, demanding a £600,000 ransom. Once the story hit national headlines and public outrage grew, they changed tone completely, first blurring photos, then removing them altogether.
As Ant said on the show, maybe this was guilt, or maybe they just realised they’d gone too far and the heat was on. When you start leaking children’s photos and ringing parents, you cross a moral line that even some criminals know draws attention they don’t want.
We also talked about how this didn’t sound like a sophisticated nation-state job. It felt more like a small group or typically younger attackers who panicked once they realised how big it had become. The data probably wasn’t worth much anyway, and with that level of media attention, disappearing quietly might have felt like their best option.
Either way, it’s a reminder that public empathy and pressure can still have power. Even in cybercrime, there are moments that break through the noise and make people stop.
Read more - https://www.theguardian.com/technology/2025/oct/02/kido-nursery-hackers-say-they-have-deleted-stolen-data
∠The Awareness Angle
- Crossing the line – Attacks that target children or families hit differently. They remind us what’s really at stake.
- Public pressure works – When people care and speak out, it can shift behaviour in ways policy can’t.
- Teach empathy – Awareness isn’t about fear, it’s about connection. When people understand who’s affected, they care more.
Cyber Burnout Is Real
Watch the discussion - https://youtu.be/5ljNIpdbGuA?t=1635
The BBC ran a feature this week on burnout in cybersecurity, and it opened with a story about Ant. The piece explored how people across the industry are being asked to do more with less, and how that pressure is driving many towards exhaustion.
Ant has worked in cyber for more than a decade. While his focus is now on awareness and behaviour, he’s seen the long days and sleepless weekends that come with the job. He recalled the 2017 WannaCry outbreak, when he spent days on high alert trying to protect systems. “I was in my basement office that weekend,” he said. “The only window I had was tiny, like the size of a shoebox. I spent the whole weekend in the dark.” Imagine what it's been like at M&S, Co-Op or JLR?
When the BBC approached him for the story, Ant originally asked to remain anonymous. He now feels that decision says a lot about the stigma that still surrounds burnout and mental health in cybersecurity. He believes it’s important to talk about these experiences openly, because most people in the industry have been close to that line at some point.
The article, written by Joe Fay, also featured insights from ISC2’s CISO John France, who called burnout one of the sector’s biggest challenges. Cyber professionals rarely work nine to five, and even when they do, they’re still on call because attackers don’t clock off when we do.
As Ant said on the podcast, awareness teams aren’t immune either. The constant pressure to keep people safe, respond to incidents, and hold attention in an already noisy space can take a real toll. “If you think you’re close to burnout,” he said, “you’re probably not there yet — and you don’t want to find out where there really is.”
His message is simple. Sometimes the healthiest thing you can do for your organisation’s security is to step back. If you were off sick today, the world wouldn’t stop spinning. Mental health matters as much as physical health, and a healthy culture recognises that balance.
Read more - https://www.bbc.co.uk/news/articles/cgqn8e4e700o
∠The Awareness Angle
- Break the stigma – Talking about burnout isn’t weakness. It’s leadership.
- Human sustainability – Awareness, resilience, and wellbeing go hand in hand.
- Lead by example – When leaders take a break, it gives everyone else permission to do the same.
Do you have something you would like us to talk about? Are you struggling to solve a problem, or have you had an awesome success? Reply to this email telling us your story, and we might cover it in the next episode!
Awareness Awareness
Security Champions Research Project
If you run or support a Security Champions or Ambassador Programme, this one’s for you. The team at Layer 8 are running an open-source research project throughout October to better understand what makes these programmes work.
They’re looking to uncover:
- What the most successful programmes have in common
- The biggest challenges and how organisations are overcoming them
- How teams measure the impact of their champions
- What real-world results these programmes are delivering
The goal is to create a shared, open dataset that anyone in the community can use. Your contribution is completely anonymous, and the insights could help raise the bar for champion networks everywhere.
Take a few minutes to add your experience at the link below -
https://layer8champions.scoreapp.com/
Watch the discussion – https://youtu.be/5ljNIpdbGuA?t=2152
SANS Summit Awareness Chats
The chats we recorded at the SANS Security Awareness Summit are proving to be a goldmine for awareness professionals. They capture real stories from people working in the field, talking openly about what works, what doesn’t, and the challenges they face day to day.
These conversations aren’t polished keynote moments. They’re honest, useful, and full of practical ideas you can take back to your own programme. From how to handle security fatigue, to adapting based on feedback, to making awareness feel personal, they’re a reminder that our best learning often comes from each other.
You can now watch the videos from the summit: short, focused, and designed to inspire your next step. The last few will be released this week, so subscribe to the YouTube channel to find out when they land.
You can watch the chats we've already released on YouTube - https://youtube.com/playlist?list=PLEsOj51Q0PfBkhHwg2BTlxB6kfutJO1c3&si=NX6fTLIZbWWgGB_E
This Week's Discussion Points...
Main stories
- Harrods says customers’ data stolen in IT breach
- Renault and Dacia cyber attack: customer phone numbers and addresses stolen from third party
- Japanese brewing giant Asahi hit by cyber-attack
- Cyber attacks: 80% of ransomware victims pay up, insurer says
- “You’ll never need to work again”: Criminals offer reporter money to hack BBC
- Hackers say they have deleted children’s pictures and data after nursery attack backlash
- Hackers are sending extortion emails to executives after claiming Oracle apps’ data breach
- Imgur blocks access to UK users after proposed regulatory fine
- Why burnout is a growing problem in cyber-security
- Government targets UK Apple users in new demand for data
Awareness Awareness
- Who Are The Champions? – Security Champions research project (Layer8)
Ant’s Topics
- Staff are pasting sensitive data into ChatGPT
- The best password managers to secure your digital life
Luke’s Topics
- AI deepfakes: Wan 2.2 Animate
- AI video generation: OpenAI Sora 2
Thanks for reading! If you’ve spotted something interesting in the world of cyber this week — a breach, a tool, or just something a bit weird — let us know at hello@riskycreative.com. We’re always learning, and your input helps shape future episodes.
And finally… The Internet Just Got Harder to Believe
Watch the discussion - https://youtu.be/5ljNIpdbGuA?t=2769
AI-generated video is moving faster than most people realise. On the show this week, Luke shared two clips that had us both staring at the screen in disbelief.
The first was from Wan 2.2 Animate, which takes a single still image and turns it into a moving person with matching gestures, expressions and lighting. The original video showed a man talking, and the AI version transformed him into a woman in real time. Even the hand movements matched. It wasn’t perfect, but drop the resolution a little and it would easily pass as genuine.
The second was from OpenAI’s Sora 2, which creates full video scenes from text prompts. One clip showed a figure skater spinning across the ice with a cat balanced on her head. It looked surreal, but also completely believable. The quality, the motion, even the reflections on the ice, all looked real.
As Luke pointed out, what’s most unsettling is how quickly this is improving. The text and physics still have flaws, but they’re shrinking by the month. I said on the show, it’s never going to get worse than it is today. It’s only going to get better from here, and that’s the scary part.
For awareness teams, this isn’t just a curiosity. It’s the next phase of social engineering. Deepfakes won’t just spread misinformation, they’ll power scams, voice calls and fake meetings that feel entirely authentic.
∠The Awareness Angle
- Believability is the weapon – The tech doesn’t have to be perfect, it just has to feel real.
- Slow down – If something shocks you, pause before reacting or sharing.
- Teach verification – Check sources, reverse search, and question anything that feels too perfect.