When people keep advising victims not to pay ransom because threat actors can't be trusted to really delete all the data, my inner researcher kicks in and wants to know how often that really happens.

So I started sending out inquiries.

Now you might think that those who publicly and repeatedly urge journalists to "spread the word" not to pay would respond and share some of their experiences with untrustworthy threat actors, but no..... they didn't even respond.

Read about the replies I did get, because they really surprised me.

I have no doubt that some professionals will hate what I have reported, but then, perhaps they should have responded, too, if they think differently.

How often do threat actors default on promises to delete data?
https://databreaches.net/2026/04/05/how-often-do-threat-actors-default-on-promises-to-delete-data/

#databreach #incidentresponse #ransom

@zackwhittaker @campuscodi @euroinfosec @lawrenceabrams @jgreig @securityaffairs @Hackread @h4ckernews

The Modern SOC Analyst's Arsenal: Tools, AI, and Skills for 2026

https://hackerworkspace.com/article/the-modern-soc-analyst-s-arsenal-tools-ai-and-skills-for-2026

#cybersecurity #incidentresponse #threatintelligence

I am a big fan of BakerHostetler's annual data security incident response reports because they are based on actual client experiences and data.

I just posted about their 2026 report, and commented on their healthcare sector data. As I had mentioned to @siguza, healthcare breaches tend to get higher ransom demands and higher settlements. Take a look at the 2025 data -- the highest initial ransom demand for a health entity client was $98M.

I'd love to know who the victim was and what TA or group demanded that much.

That said, the highest ransom actually paid for a healthcare sector breach by one of their clients last year was $5M.

Big delta.

My post: https://databreaches.net/2026/04/03/bakerhostetlers-2026-report-findings-from-1250-clients-breach-experiences-in-2025/

#ransomware #healthsec #incidentresponse #statistics #phishing #ransom #malware #databreach #cybersecurity

@campuscodi @amvinfe

This Is What a Personal Surveillance System Actually Looks Like

https://cha1nc0der.wordpress.com/2026/04/03/this-is-what-a-personal-surveillance-system-actually-looks-like/

🧠Turn your team into threat hunters, one dice roll at a time 💥

🎲 𝗗𝗨𝗡𝗚𝗘𝗢𝗡𝗦 & 𝗗𝗥𝗔𝗚𝗢𝗡𝗦: 𝗧𝗛𝗘 𝗦𝗘𝗖𝗨𝗥𝗜𝗧𝗬 𝗣𝗢𝗪𝗘𝗥 𝗧𝗢𝗢𝗟 𝗬𝗢𝗨 𝗗𝗜𝗗𝗡’𝗧 𝗞𝗡𝗢𝗪 𝗬𝗢𝗨 𝗡𝗘𝗘𝗗𝗘𝗗 - Klaus Agnoletti ( @klausagnoletti ) & Glen Sorensen 🛡️

Roleplaying isn’t just for nerds, it’s a proven method for building real security muscle. This talk reveals how structured tabletop roleplaying games unlock deeper learning, improve team cohesion, and turn abstract security concepts into lived experience. By simulating incident response, threat modeling, and zero-trust design through narrative-driven play, teams develop adaptive thinking, shared mental models, and faster decision-making under pressure.

Klaus Agnoletti https://www.linkedin.com/in/agnoletti/ is a freelance storytelling cyber security advisor, co-founder of BSides København, neurodiversity advocate, and architect of playful security transformation through narrative and gamification.

Glen Sorensen https://pretalx.com/bsidesluxembourg-2026/speaker/J3PRCC/ is a Solutions Engineer at DeleteMe, former vCISO, and incident master for HackBack Gaming. 20+ years in security engineering, GRC, and operations. Passionate about OSINT, AI-powered social engineering, and using tabletop games to train real-world response.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/

#BSidesLuxembourg #GamifiedSecurity #CyberTraining #IncidentResponse #RolePlaying #SecurityLeadership #InfosecEducation #PlayToLearn