In June 2022, the ransomware gang LockBit claimed it had hacked Mandiant, one of the largest cybersecurity companies, and threatened to release stolen data. When the hacking group’s countdown clock expired, instead of posting stolen files, the hackers slammed Mandiant for research it had published about the gang’s origins.

Ransomware gangs frequently seek to use journalists and security researchers to advance their aims. Data Science Institute associate research scholar Susan McGregor studies security and privacy issues affecting journalists. She connected with Tim Starks of The Washington Post’s “The Cybersecurity 202” newsletter to discuss when to publish a ransomware group’s claims.

Susan McGregor, a Columbia University scholar focused on the intersection of security and journalism, cautioned against ‘celebritizing’ hackers. She advised journalists to consider the news value of reporting on an individual ransomware attack. The Colonial Pipeline hack was worth reporting as ‘millions and millions’ of people depended on that system, but a ransomware attack on a site where people post personal fetishes probably wouldn’t warrant a story, according to McGregor.

McGregor, Liska and Cuiujuclu all advised that journalists contact the alleged victims of hacks, even as they acknowledged victims have a motive to lie about being attacked, too. That’s why journalists should also branch out to other potential sources to discuss a ransomware incident.

Read More: For ransomware gangs, journalists are another tool of the trade