Could an ex-employee be planting ransomware on your firm’s network? • Graham Cluley
Could an ex-employee be planting ransomware on your firm’s network?
Graham CluleyGraham Cluley • @gcluley
8:11 pm, February 15, 2021
Could an ex-employee be planting ransomware on your firm's network?
Countless times I’ve underlined the need to reset passwords and revoke access rights when a worker leaves your company.
Former employees have been accused of stealing sensitive data, planting harmful code, and even – in the case of one ex-Yahooer – raiding accounts of users, foraging for nude photos and videos.
Now there are allegations that disgruntled ex-employees who have not have had their network access revoked might even be prepared to plant ransomware.
Yigit Ali Ercan33-year-old Yigit Ali Ercan, of Philadelphia, Pennsylvania, has been arrested after allegedly hacking into his former employer’s computer system.
According to reports, an unnamed company in Westport, Connecticut, contacted police in September 2020 after its computer systems were hacked and changes made to its website.
The next day, the company is alleged to have fallen victim to a ransomware attack that left it unable to access its files unless a ransom was paid.
Ercan’s LinkedIn profile suggests he was the head of operations at Westport-based Stamford Metal Group until September 2020, where he “presided over strategy, legal, finance, marketing, IT, HR and concept development functions.”
EmailSign up to our newsletter
Security news, advice, and tips.
Ercan, who has denied altering the company’s website, and planting any ransomware, has been released after posting a US $75,000 bond.
It remains to be seen what the outcome of Ercan’s case is, of course. And we have to assume his innocence unless he is proven guilty.
But as more and more companies struggle during the pandemic and make the difficult decision to let go of staff, there is more need than ever to ensure that proper steps are taken to prevent the possibility of former workers accessing systems to which they should no longer have access.
Because they might not just be stealing data. They could also be planting malware.
Graham CluleyGraham Cluley • @gcluley
8:11 pm, February 15, 2021
Could an ex-employee be planting ransomware on your firm's network?
Countless times I’ve underlined the need to reset passwords and revoke access rights when a worker leaves your company.
Former employees have been accused of stealing sensitive data, planting harmful code, and even – in the case of one ex-Yahooer – raiding accounts of users, foraging for nude photos and videos.
Now there are allegations that disgruntled ex-employees who have not have had their network access revoked might even be prepared to plant ransomware.
Yigit Ali Ercan33-year-old Yigit Ali Ercan, of Philadelphia, Pennsylvania, has been arrested after allegedly hacking into his former employer’s computer system.
According to reports, an unnamed company in Westport, Connecticut, contacted police in September 2020 after its computer systems were hacked and changes made to its website.
The next day, the company is alleged to have fallen victim to a ransomware attack that left it unable to access its files unless a ransom was paid.
Ercan’s LinkedIn profile suggests he was the head of operations at Westport-based Stamford Metal Group until September 2020, where he “presided over strategy, legal, finance, marketing, IT, HR and concept development functions.”
EmailSign up to our newsletter
Security news, advice, and tips.
Ercan, who has denied altering the company’s website, and planting any ransomware, has been released after posting a US $75,000 bond.
It remains to be seen what the outcome of Ercan’s case is, of course. And we have to assume his innocence unless he is proven guilty.
But as more and more companies struggle during the pandemic and make the difficult decision to let go of staff, there is more need than ever to ensure that proper steps are taken to prevent the possibility of former workers accessing systems to which they should no longer have access.
Because they might not just be stealing data. They could also be planting malware.
