IT employee impersonates ransomware gang to extort employer

IT employee impersonates ransomware gang to extort employer
By Bill Toulas
May 23, 2023 11:22 AM 5
Arrest

A 28-year-old United Kingdom man from Fleetwood, Hertfordshire, has been convicted of unauthorized computer access with criminal intent and blackmailing his employer.

A press release published yesterday by the South East Regional Organised Crime Unit (SEROCU) explains that in February 2018, the convicted man, Ashley Liles, worked as an IT Security Analyst at an Oxford-based company that suffered a ransomware attack.

Like many ransomware attacks, the threat actors contacted the company's executives, demanding a ransom payment.

Due to his role in the company, Liles took part in the internal investigations and incident response effort, which was also supported by other members of the company and the police.

However, during this phase, Liles is said to have attempted to enrich himself from the attack by tricking his employer into paying him a ransom instead of the original external attacker.

"Unknown to the police, his colleagues, and his employer, Liles commenced a separate and secondary attack against the company," reads the SEROCU announcement.

"He accessed a board member's private emails over 300 times as well as altering the original blackmail email and changing the payment address provided by the original attacker."

The plan was to take advantage of the situation and divert the payment to a cryptocurrency wallet under Liles' control,

"Liles also created an almost identical email address to the original attacker and began emailing his employer to pressurize them to pay the money." explained SEROCU.

However, the company owner wasn't interested in paying the attackers, and the internal investigations that were still underway at the time revealed Liles' unauthorized access to private emails, pointing to his home's IP address.

Although Liles realized the investigations closed in on him and had wiped all data from his personal devices by the time SEROCU's cyber-crime team stormed into Liles' home to seize his computer, it was still possible to restore incriminating data.

Liles initially denied involvement, but five years later, he pleaded guilty during a Reading Crown Court hearing.

The rogue employee will return to court on July 11th, 2023, to hear his sentence.

According to UK law, unauthorized computer access is punishable by up to 2 years in prison, while blackmail carries a maximum imprisonment sentence of 14 years.