{"id":216487,"date":"2026-05-19T10:42:00","date_gmt":"2026-05-19T14:42:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/19\/shinyhunters-goes-after-cybersecurity-firm-warning-victims-not-to-pay-ransoms\/"},"modified":"2026-05-19T10:45:15","modified_gmt":"2026-05-19T14:45:15","slug":"shinyhunters-goes-after-cybersecurity-firm-warning-victims-not-to-pay-ransoms","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/19\/shinyhunters-goes-after-cybersecurity-firm-warning-victims-not-to-pay-ransoms\/","title":{"rendered":"ShinyHunters Goes After Cybersecurity Firm Warning Victims Not to Pay Ransoms"},"content":{"rendered":"

ShinyHunters Goes After Cybersecurity Firm Warning Victims Not to Pay Ransoms<\/a><\/p>\n

https:\/\/www.pcmag.com\/news\/shinyhunters-goes-after-cybersecurity-firm-warning-victims-not-to-pay-ransoms<\/a><\/p>\n

Publish Date: 2026-05-19 10:42:00<\/a><\/p>\n

Source Domain: www.pcmag.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points.
\n A cybersecurity company says the hacking gang ShinyHunters has tried to censor and cut off its communications after it urged the public to refuse to pay the group’s ransom demands.\u00a0\u201cThey want you to forget past behavior that caused victims to stop taking them seriously,\u201d warned Allison Nixon, chief research officer for cybersecurity vendor Unit 221B. \u201cThey are also flooding our email to make it more difficult for journalists to reach us.\u201d\u00a0Nixon posted the message on LinkedIn after ShinyHunters reached a new level of infamy earlier this month for hacking Canvas, an online educational system used by thousands of universities and schools in the US. The hackers posted an extortion note on Canvas claiming they had stolen data from tens of millions of students at nearly 9,000 schools and educational institutions.\u00a0
\nIn response, Canvas developer Instructure made the controversial decision to pay the extortion demand under an \u201cagreement\u201d that the stolen data be deleted. However, the payment is a major win for ShinyHunters and is expected to fuel the group\u2019s hacking efforts.\u00a0Nixon is urging victims of ShinyHunters to think twice before surrendering to the group\u2019s demands. \u201cThey don\u2019t have a convincing argument about why you should pay in the first place,\u201d she told PCMag in an interview. \u201cTheir only answer to you is that they will hurt you. But that\u2019s not a rational answer.\u201d<\/p>\n

(Credit: ShinyHunters)<\/p>\n

Nixon initially flagged the risks of paying ShinyHunters in February while speaking with cybersecurity journalist Brian Krebs. \u201cShinyHunters rely on the intensity of their emotional manipulation to force you to make a snap decision, within 72 hours, to pay the ransom to stop the harassment,\u201d Unit 221B added in a blog post warning that the gang uses violent threats to get what they want, along with bombarding victims with email and text messages. Since then, Nixon\u2019s company has been flooded with emails for random account verifications and newsletter signups, likely to drown out legitimate messages to Unit 221B. In February, employees at her company also received anonymous text messages, saying \u201cback off. Fire Allison Nixon otherwise she will bring upon deadly forces targeted toward herself and your random Company.\u201d <\/p>\n

(Credit: Allison Nixon)<\/p>\n

ShinyHunters also posted messages in a Telegram chat, saying \u201cA.N will probably back down when she is faced with a threat that is not just a digital threat.\u201d\u201cThey also flooded us with calls,” Nixon told PCMag. \u201cAnd these are the people who want corporations to trust them with millions of dollars that they pinky promise not to resume the same data to extort them more.\u201d<\/p>\n

(Credit: Allison Nixon)<\/p>\n

Instructure framed its decision to pay as an \u201cagreement\u201d that \u201creturned\u201d the stolen data to the company. But in reality, the company is asking a gang of cybercriminals to keep their promise when they could easily sell or re-abuse the stolen data months or even years from now, Nixon says. The group could also dump their hacker handle for another.\u201cPromises should be understood in the context that most extorters are drug addicts and\/or mentally unstable. Ask yourself what matters more to them: their reputation, or more cocaine?\u201d she wrote in her LinkedIn post.\u00a0In Instructure\u2019s case, the company says it received \u201cdigital confirmation of data destruction (shred logs).\u201d However, Nixon says, “It\u2019s completely unprovable\u201d when such logs or videos can be easily faked.\u00a0Nixon isn\u2019t alone in her concerns about victims falling for the group\u2019s scare tactics. Last Friday, the FBI issued an advisory that warned the ShinyHunters can use \u201creal or exaggerated claims of access to sensitive or personal information to prompt payment from victims,” adding, “Threat actors may falsely claim to have sensitive or compromising information, including embarrassing photographs or videos of victims, which frequently do not exist.”Instructure didn\u2019t respond to a request for comment about the FBI\u2019s advisory. That said, the company\u2019s investigators uncovered evidence that ShinyHunters did steal data, such as usernames, email addresses, course names, enrollment information, and messages, from affected schools.\u00a0But Nixon previously pointed out that “paying a criminal group cannot un-breach data or avoid regulatory fines or lawsuits.” Instructure is already facing more than a dozen class-action lawsuits for the hack. Dealing With ‘Underage Extortionists’\u201cThe victims are in an extraordinary position. I don\u2019t mean to criticize anyone who made or didn\u2019t make a payment,\u201d Nixon said. \u201cThe fault really lies with the person doing the harm. That lies with these underage extortionists.\u201d\u00a0<\/p>\n

Recommended by Our Editors<\/p>\n

According to Nixon\u2019s research, the hackers behind the group appear to be young men, including teenagers, who\u2019ve taken up the ShinyHunters moniker, a name that’s been around since at least 2019. \u201cPart of this debate is whether the victims should pay. The answer to this debate is that they need to all get arrested, they are all known,\u201d she added. Although she didn\u2019t get into details, the cybersecurity journalist Brian Krebs in November identified an admin related to the group as a 16-year-old based in Amman, Jordan.\u00a0Meanwhile, Nixon has worked with the FBI before to help identify and catch cybercriminals. She noted that \u201cbecause these are kids, governments may not take the threat seriously, allowing the problem to fester. They may not be used to dealing with cybercrime, they may not be tracking the issue. Meanwhile, [ShinyHunters] are finding and grooming more children, and recruiting them into the group,\u201d she added.\u00a0\u00a0Prior to hacking Canvas, ShinyHunters also claimed to have hacked Vimeo, ADT Security, and Rockstar Games, among others. The group is known to use English-language voice calls and impersonation to trick employees into handing over internal access to a company’s IT systems. Still, the stolen data may not always be sensitive. Rockstar Games refused to pay the group, which released the company’s stolen data, but it consisted solely of internal business information, to seemingly no effect. Still, Nixon noted that ShinyHunters has attracted the media’s attention. When it claims to have breached a company, journalists can end up hammering the victim companies, which can result in bad PR and further pressure to pay up. In response to Nixon, ShinyHunters has denied any involvement with trying to silence her or her company. \u201cUnit221B is known to have a personal and emotional vendetta against us. They resort to spreading misinformation about us because they are eager to \u2018dismantle and disrupt\u2019 us by any means,\u201d the group told PCMag.\u00a0\u201cIn general, we do not try to censor anyone and cannot be bothered to do so. If we see misinformation regarding us reported we send a simple one-time kind message regarding what we find as misinformation and try to correct them,\u201d the group said, later adding: “We keep a good and open relationship with the press and security researchers if they wish to inquire us.”But Nixon noted the gang has been messaging media outlets in what she called \u201cthe most low effort gaslighting, and no one believes them,” adding, “What they are doing is doling out information to people that say what they want, because controlling the information landscape is a critical part of their operation.”<\/p>\n

About Our Expert<\/p>\n

Michael Kan
\n Principal Reporter<\/p>\n

Experience<\/p>\n

I’ve been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I’m currently based in San Francisco, but previously spent over five years in China, covering the country’s technology sector.Since 2020, I’ve covered the launch and explosive growth of SpaceX’s Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I’ve combed through FCC filings for the latest news and driven to remote corners of California to test Starlink’s cellular service. I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. In 2024 and 2025, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I’m now following how the AI-driven memory shortage is impacting the entire consumer electronics market. I’m always eager to learn more, so please jump in the comments with feedback and send me tips.<\/p>\n

Read Full Bio<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

ShinyHunters Goes After Cybersecurity Firm Warning Victims Not to Pay Ransoms https:\/\/www.pcmag.com\/news\/shinyhunters-goes-after-cybersecurity-firm-warning-victims-not-to-pay-ransoms Publish Date: 2026-05-19…<\/p>\n","protected":false},"author":1,"featured_media":216488,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/i.pcmag.com\/imagery\/articles\/02D2jMnhfWMr4adW8GaOEQi-1.fit_lim.size_1200x630.v1779138802.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,30,24,35,32],"class_list":["post-216487","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-breach","tag-cybersecurity","tag-hacker","tag-malware"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/216487"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=216487"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/216487\/revisions"}],"predecessor-version":[{"id":216489,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/216487\/revisions\/216489"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/216488"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=216487"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=216487"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=216487"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}