A UK IT employee who exploited a ransomware attack against the company he worked for, in an attempt to extort money for himself, has been sentenced to 3 years and 7 months' imprisonment.

As previously explained in our Smashing Security podcast, gene and cell therapy company Oxford Biomedica was hit with a ransomware attack in February 2018.

Hackers gained access to Oxford Biomedica’s systems and stole information, and a ransom was then demanded from senior members of the company.

There is nothing unusual about it.

Oxford Biomedica worked with law enforcement to investigate the attack and identify how it came about, and ordered the IT team to close any remaining security holes to prevent future breaches.

Again, so far so good.

But what was clearly unusual was that one of the staff members assigned to investigate the ransomware attack actually took advantage of the situation and tried to trick his employer into handing over the ransom to him instead of the real hacker.

Lyles accessed the Oxford Biomedica executive’s email account and altered the original ransom demand so that the money would be paid to a Bitcoin wallet under his control rather than one controlled by the hackers.

This meant that if the corporation did finally decide to pay the ransom, it would end up going to Lyles rather than the (perhaps less happy) hacker who launched the attack.


Lyles then created an email address almost identical to the one used by the original hacker and began emailing his employer to pressure it into paying a ransom worth £300,000.

As part of the investigation, UK SEROCU specialists identified that someone had been accessing officers’ emails, and traced that access back to Lyles’ home address.

Well, it looks like this IT security analyst didn’t cover his tracks properly.

A search of Lyles’ home later found computer equipment, a phone and a USB stick. Despite Lyles’ attempts to wipe incriminating data from his devices, digital forensic analysts were able to recover enough evidence to prove his involvement in the extortion.

Ashley Lyles, a resident of Fleetwood, Letchworth Garden City, Hertfordshire, was yesterday sentenced in Reading Crown Court on charges of unauthorized access to a computer with intent to commit extortion and other crimes.

It’s a story that deserves attention. Lyles was not involved in the original ransomware attack. It simply happened on his watch. And while some would say his initiative and recklessness are at odds, he tried to hijack a ransomware attack against his own employer for his own benefit.

How stupid!



Graham Cluley is a cybersecurity industry veteran and has worked for many security companies since the early 1990s when he created the first version of Dr. Solomon’s Antivirus Toolkit for Windows. He is now an independent analyst who makes regular media appearances and is an international speaker on the subject of cybersecurity, hackers and online privacy.
