In June, journalists covering security found themselves in a difficult position. A ransomware gang, LockBit, claimed it had hacked one of the biggest cybersecurity companies, Mandiant, and threatened to release stolen data. Mandiant said it saw no evidence of a breach. Later that day, when the hacking group’s “countdown clock” expired, LockBit revealed its ruse: Instead of posting stolen files, the hackers slammed Mandiant for research it had published about the gang’s origins. The position security journalists found themselves in was not an uncommon one. Ransomware gangs frequently seek to use journalists — and to some extent, security researchers — to advance their aims, reports the Washington Post.
“A problem that a lot of reporters have privately wrestled with is, how do you report this which is important, without acting as a PR person for the ransomware groups?” said Allan Liska of the cybersecurity firm Recorded Future. Separating truth from fiction when examining the boasts of ransomware gangs is no easy task, as they’re prone to bravado, even as they have rung up high-profile victims and raked in billions. Last summer, Karma ransomware gang members began contacting individual journalists to tip them off to their successful attacks. Their goal, experts said, was to publicize the attacks to put pressure on victims to pay ransom demands. Last week, dark-web intelligence firm Digital Shadows published a report on ransomware gangs’ shoddy relationship with the truth. While such gangs might use journalists to further their goals, it doesn’t mean they value them, said Chris Morgan, senior cyberthreat intelligence analyst for the company.