IT worker impersonates ransomware gang to extort employer



A 28-year-old United Kingdom man from Fleetwood, Hertfordshire, has been convicted of unauthorized pc entry with prison intent and blackmailing his employer.

A press launch printed yesterday by the South East Regional Organised Crime Unit (SEROCU) explains that in February 2018, the convicted man, Ashley Liles, labored as an IT Safety Analyst at an Oxford-based firm that suffered a ransomware assault.

Like many ransomware assaults, the risk actors contacted the corporate’s executives, demanding a ransom cost.

Resulting from his function within the firm, Liles took half within the inner investigations and incident response effort, which was additionally supported by different members of the corporate and the police.

Nevertheless, throughout this part, Liles is alleged to have tried to complement himself from the assault by tricking his employer into paying him a ransom as an alternative of the unique exterior attacker.

“Unknown to the police, his colleagues, and his employer, Liles commenced a separate and secondary assault towards the corporate,” reads the SEROCU announcement.

“He accessed a board member’s non-public emails over 300 occasions in addition to altering the unique blackmail e mail and altering the cost tackle offered by the unique attacker.”

The plan was to make the most of the scenario and divert the cost to a cryptocurrency pockets beneath Liles’ management, 

“Liles additionally created an nearly similar e mail tackle to the unique attacker and started emailing his employer to pressurize them to pay the cash.” defined SEROCU.

Nevertheless, the corporate proprietor wasn’t interested by paying the attackers, and the interior investigations that had been nonetheless underway on the time revealed Liles’ unauthorized entry to non-public emails, pointing to his residence’s IP tackle.

Though Liles realized the investigations closed in on him and had wiped all information from his private units by the point SEROCU’s cyber-crime group stormed into Liles’ residence to grab his pc, it was nonetheless doable to revive incriminating information.

Liles initially denied involvement, however 5 years later, he pleaded responsible throughout a Studying Crown Court docket listening to.

The rogue worker will return to courtroom on July eleventh, 2023, to listen to his sentence.

In response to UK regulation, unauthorized pc entry is punishable by as much as 2 years in jail, whereas blackmail carries a most imprisonment sentence of 14 years.