Insider threats rank among the most dangerous tools in cyber-crime. Few employees face them. Even fewer share their experiences publicly.
I recently became one of those rare cases. A criminal group approached me with a shocking offer: betray my employer for millions.
Unexpected message
The first contact came without warning. “If you are interested, we can offer you 15% of any ransom payment if you give us access to your PC.”
The sender called themselves Syndicate. They reached me in July through Signal, an encrypted messaging app. I did not know them, but I quickly understood their goal.
They wanted me to help them infiltrate my employer’s systems. Their plan: steal data or install malware, then demand ransom. I would secretly receive a cut.
Insider threat on the rise
Insider betrayal is a growing problem worldwide. Days earlier, Brazilian police arrested an IT worker accused of selling login credentials. Investigators linked the case to a $100m banking loss.
I sought advice from a senior editor and chose to play along. I wanted to see how criminals pitch these schemes.
Syndicate, who later renamed themselves Syn, explained the operation in detail.
A tempting offer
Syn asked me to provide login credentials and security codes. Their team would hack my employer and demand bitcoin ransom. I would receive a share.
The proposal quickly escalated. “What if you took 25% of the final negotiation? We extract 1% of total revenue. You would never need to work again.”
Syn claimed the ransom could reach tens of millions. Authorities strongly advise against paying, but Syn promised both secrecy and fortune.
Insider deals
Syn said the gang had successfully recruited insiders before. He named two recent victims: a UK healthcare company and a US emergency services provider.
“You’d be surprised at how many employees give us access,” he said confidently.
He described himself as “reach out manager” for Medusa, a ransomware-as-a-service group. He claimed to be western and the only English speaker in the gang.
Medusa operates like a criminal platform. Affiliates sign up and use its tools to hack organisations. Security researchers say its leaders operate from Russia or allied states.
The group avoids Russian targets and advertises on Russian-language dark web forums.
Escalating pressure
Syn sent a US alert about Medusa, listing 300 victims. He shared darknet links and recruitment pages, urging me to deposit 0.5 bitcoin, around $55,000.
He described it as guaranteed money once I handed over credentials. “We aren’t bluffing. We are only here for money.”
He assumed I had privileged access. He asked technical questions and sent code to run on my laptop. I refused.
Aggressive tactics
After three days, I stalled, planning to alert the security team. Syn grew impatient.
“When can you do this? I’m not a patient person,” he warned. “I guess you don’t want to live on the beach in the Bahamas?”
He set a strict deadline. Then the harassment escalated.
My phone flooded with login requests. Every minute, the security app asked me to approve access.
I recognised the tactic: MFA bombing. Hackers overwhelm victims until they approve a request. Uber was attacked this way in 2022.
It was unsettling. The private conversation had turned into direct pressure on my phone. It felt like intruders pounding at my door.
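An added example, not part of the original article: the Python below shows how a security team could spot the MFA bombing pattern described above in authentication logs. It flags a burst of unapproved push prompts for one user, and separately flags an approval that arrives straight after such a burst, which should not be trusted as a normal login. The log format, the result names, the 10-minute window and the threshold of five prompts are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (assumed format): timestamp, user, push result.
SAMPLE_LOG = """\
2025-01-01T18:00:05Z alice approved
2025-01-01T18:01:00Z jdoe timeout
2025-01-01T18:02:00Z jdoe denied
2025-01-01T18:03:00Z jdoe timeout
2025-01-01T18:04:00Z jdoe denied
2025-01-01T18:05:00Z jdoe timeout
2025-01-01T18:06:00Z jdoe approved
2025-01-01T19:30:00Z bob denied
2025-01-01T19:30:40Z bob approved
"""

def detect_push_fatigue(log_text, window=timedelta(minutes=10), threshold=5):
    """Return (user, timestamp, kind) alerts; kind is 'burst' or
    'approval_after_burst'. Window and threshold are assumed tuning values."""
    recent = defaultdict(deque)  # user -> times of unapproved prompts in window
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_raw, user, result = line.split()
        ts = datetime.strptime(ts_raw, "%Y-%m-%dT%H:%M:%SZ")
        prompts = recent[user]
        # Drop prompts that have aged out of the sliding window.
        while prompts and ts - prompts[0] > window:
            prompts.popleft()
        if result == "approved":
            # An approval on top of a burst is the "one wrong tap" case:
            # hold the session for review instead of accepting the login.
            if len(prompts) >= threshold:
                alerts.append((user, ts_raw, "approval_after_burst"))
            prompts.clear()
            continue
        prompts.append(ts)
        # Alert once, at the moment the burst crosses the threshold.
        if len(prompts) == threshold:
            alerts.append((user, ts_raw, "burst"))
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_LOG):
        print(alert)
```

In the sample, bob's single denial followed by an approval stays below the threshold and raises nothing, while jdoe's minute-by-minute prompts raise both alerts.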
Cutting access
I knew one wrong tap would give them full control. The system would treat it as a normal login. From there, they could explore sensitive networks.
I contacted the security team. We disconnected me completely: no email, no intranet, no accounts.
That evening, Syn sent a calm message. “The team apologises. We were testing your login page and are sorry if this caused issues.”
I explained I was locked out. Syn repeated the offer. I ignored him. Days later, he deleted his Signal account.
A chilling lesson
Eventually, my access was restored with stronger protections. The incident gave me firsthand insight into insider threat tactics.
Hackers constantly adapt and target insiders. Until this happened, I had not fully understood the risks.
It was a chilling reminder of the dangers every organisation faces today.