A UK IT employee exploited a ransomware attack against the company he worked for in an attempt to extort money for himself. sentenced to imprisonment 3 years and 7 months.
As previously explained in our Smashing Security podcast, gene and cell therapy company Oxford Biomedica was hit with a ransomware attack in February 2018.
Hackers gained access to Oxford Biomedica’s systems and stole information, leading to a ransom demand from senior members of the company.
There is nothing unusual about it.
Oxford Biomedica worked with law enforcement to investigate the attack, identify how it came about, and ordered the IT team to close any remaining security holes to prevent future breaches.
Again, so far so good.
But what was clearly unusual was that one of the staff members assigned to investigate the ransomware attack actually took advantage of the situation and tried to trick his employer into handing over the ransom instead of the real hacker. is.
Lyles accessed the Oxford Biomedica executive’s email account and altered the original ransom demand to direct the money to be paid to a Bitcoin wallet under his control and not under the control of the hackers. .
This meant that if the corporation did finally decide to pay the ransom, it would end up going to Lyles rather than the (perhaps less happy) hacker who launched the attack.
Lyles then created an email address almost identical to the one used by the original hacker and began emailing employers to pressure them into paying a ransom worth £300,000.
As part of the investigation, UK SEROCU specialists identified someone accessing officers’ emails and tracked that access to Lyles. traced back to his home address.
Well, it looks like this IT security analyst isn’t covering his tracks properly.
A search of Lyles’ home later found computer equipment, a phone and a USB stick. Despite Lyles’ attempts to wipe criminal data from his device, digital forensic analysts were able to recover enough evidence to prove his involvement in the extortion.
Ashley Lyles, a resident of Fleetwood, Letchworth Garden City, Hertfordshire, was yesterday sentenced in Reading Crown Court on charges of unauthorized access to a computer with intent to commit extortion and other crimes.
It’s a story that deserves attention. Lyles was not involved in the original ransomware attack. It simply happened under his watch. And while some would say his initiative and recklessness are at odds, he tried to hijack a ransomware attack against his own employer for his own benefit.