Getting hit by a cyberattack and being held for ransom is bad enough for a company.
Even worse is when one of your own employees tries to exploit the attack to steal the ransom.
Oxford Biomedica, a gene and cell therapy company, found itself in just such a situation.
On February 27, 2018, the Oxford-based company discovered that it had suffered a cyberattack after receiving a ransom demand that said malicious hackers had compromised the company’s systems.
The company did the right thing. It called the police, investigated the attack, figured out how it happened, and assigned its own IT security staff to mitigate the damage.
Among the internal staff assigned to the investigation was IT security analyst Ashley Liles.
What Oxford Biomedica, the police, and other members of the IT team didn’t know was that Liles planned to exploit the cyberattack for his own gain.
Liles accessed the email account of the company executive who had received the initial ransom demand and boldly altered the email so that it referred to a Bitcoin wallet he controlled instead of the original attacker’s.
That meant that if Oxford Biomedica had decided to pay the £300,000 worth of bitcoin, the ransom would have gone into Liles’ pocket, not to the cybercriminals who launched the attack.
In addition, Liles created an email address almost identical to the one used by the original attacker and sent his employer a series of emails impersonating the attacker and demanding payment of the ransom.
But Oxford Biomedica had no intention of paying the ransom, and its employees assisted the police investigation, unaware that one of its employees was trying to defraud the company.
Specialist police officers from the South East Regional Organised Crime Unit’s (SEROCU) Cyber Crime Unit discovered that someone had been remotely accessing the executive’s email account and traced the access to Liles’ home address.
A search of Liles’ home found a computer, laptop, phone and USB stick. However, perhaps anticipating suspicion, Liles had wiped all data from the devices a few days earlier.
But just as Liles failed to adequately conceal his tracks when he remotely accessed the director’s email account, so too did he fail to securely wipe the devices. This meant digital forensics experts were able to recover the incriminating data linking Liles to the secondary attack.
For years, Liles denied being involved in hacking the email account or trying to trick his employer into paying him a large sum of money, but this week at Reading Crown Court he finally pleaded guilty, five years after the initial incident.
Lieutenant Rob Bryant of the SEROCU Cyber Crime Unit said:
“I would like to thank the company and its employees for their support and cooperation during this investigation. I hope this sends a clear message to anyone considering this type of crime. We have a team of cyber experts to investigate. We need to investigate to ensure that those responsible are arrested and brought to justice.”
Liles is scheduled to be sentenced in Reading Crown Court on July 11 on charges of unauthorized computer access with criminal intent and threatening an employer.
Note: The opinions expressed in this guest author article are those of the contributor only and do not necessarily reflect those of Tripwire.