Smashing Security podcast #151: Frankly, sometimes paying the ransom is a good idea

Graham Cluley

Remember how the City of Baltimore was badly hit by ransomware earlier this year? Turns out that wasn’t the end of their problems. Also, Carole takes a look at how smart speakers can be hacked to trick you into giving criminals your passwords or even credit card details. And we discuss the findings of the LastPass global password security report.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, with a featured interview with Rachael Stockton from LogMeIn.


Graham Cluley – @gcluley
Carole Theriault – @caroletheriault

Show notes:

Sponsor: Code42

Code42 provides data loss protection for when employees quit.

60% of employees who quit their jobs admit to taking data. Your organization’s data is more portable than ever and you have employees leaving every day.

Most organizations rely on prevention but there are simply too many ways for data to leave.

To learn more about how to protect your company’s data from insider threats visit

Sponsor: LastPass

LastPass Enterprise makes password security effortless for your organization.

LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.

But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.

Go to to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.

Sponsor: Immersive Labs

Immersive Labs provides the world’s first fully interactive, on-demand, and gamified cyber skills platform.

Try it for free at, and drive down your organisation’s cyber risk while reducing training costs.

Follow the show:

Follow the show on Twitter at @SmashinSecurity, on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, Spotify, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Smashing Security podcast #151: Frankly, sometimes paying the ransom is a good idea”

  1. Andy Gibbs

    Your suggestion to turn off or somehow mute these home automation devices (Alexa etc) doesn't work for me.
    At last count I have 34 devices throughout my home which are voice activated via Alexa. So Alexa needs to be continually enabled to get any benefit from the voice activation. Trivial example – It's great being able to approach a darkened kitchen with arms full of heavy shopping bags and tell Alexa to switch on the worktop lights. If I have to put the bags down first in order to unmute Alexa to instruct her to switch on the lights I may as well have just turned on the lights manually myself. Doh!

    Why is it that when new technology is launched, the manufacturers don't security 'harden' their shiny new things BEFORE they hit the market?!! You'll remember the same thing happened when wifi enabled home monitoring devices were launched. Oh – and laptop webcams + microphones before that, and so on.

    Is it naivety, stupidity or just sheer laziness that the security implications are ignored until release 2.0?

    We need to introduce the equivalent of a CE or Kitemark standard for digital electrical appliances that confirms they've been adequately 'cyber-security' tested before launch. It's no different to expecting not to be electrocuted when we buy a kettle, toaster or hairdryer. I'm not a big fan of unnecessary regulation but digital technology is like the wild-west at the moment!
