An IT worker in the UK has been convicted of unauthorized computer access and blackmail after attempting to take advantage of a ransomware attack on his employer.
Ashley Liles was found to have attempted to blackmail his employer, Oxford Biomedica, into paying a ransom in the wake of a 2018 security breach.
In February that year, the Oxford-based company suffered a security incident that saw threat actors gain unauthorized access to the company’s computer systems.
Jurors at Reading Crown Court heard that, during an investigation into the incident, Liles commenced a secondary attack against the company.
“Liles began to investigate the incident, in his role as the company’s IT security analyst and worked alongside colleagues and the police to try to mitigate the incident,” according to a statement from the South East Regional Organized Crime Unit (SEROCU).
“However, unknown to the police, his colleagues, and his employer, Liles commenced a separate and secondary attack against the company.”
Liles accessed board members’ private emails more than 300 times and altered the original ransom note to change the payment address to his own cryptocurrency wallet.
Prosecutors said that Liles’ intention was that, if a payment was made, it would be made to him rather than the original attacker.
RELATED RESOURCE
The near and far future of ransomware business models
What would make ransomware actors change their criminal business models?
The security analyst was also found to have created an “almost identical” email address to the original ransomware attacker and began pressuring his employer to pay the ransom fee.
However, no payment was ever made and the unauthorized access to private emails was discovered, revealing that the access came from Liles’ home address.
A subsequent investigation by police officers from SEROCU’s cyber crime team arrested Liles in 2018 and conducted a search of his home.
Although digital devices were seized in the raid, Liles was found to have wiped all data from his devices to cover up his involvement in the scheme.
“Items seized from his address included a computer, laptop, phone and a USB stick,” SEROCU said.
“Liles had wiped all data from his devices just days before his arrest in order to try to hide his involvement, however the data was recovered and this provided direct evidence of his crimes.”
Liles initially denied his involvement despite this evidence being found, and did not plead guilty for around five years.
He is set to return to Reading Crown Court for sentencing on 11 July.
-
Third time lucky? Microsoft finally begins roll-out of controversial Recall featureNews The Windows Recall feature has been plagued by setbacks and backlash from security professionals
-
The UK government wants quantum technology out of the lab and in the hands of enterprisesNews The UK government has unveiled plans to invest £121 million in quantum computing projects in an effort to drive real-world applications and adoption rates.
-
"Thinly spread": Questions raised over UK government’s latest cyber funding schemeThe funding will go towards bolstering cyber skills, though some industry experts have questioned the size of the price tag
-
Modern enterprise cybersecuritywhitepaper Cultivating resilience with reduced detection and response times
-
IDC InfoBrief: How CIOs can achieve the promised benefits of sustainabilitywhitepaper CIOs are facing two conflicting strategic imperatives
-
The complete guide to the NIST cybersecurity frameworkWhitepaper Find out how the NIST Cybersecurity framework is evolving
-
Are you prepared for the next attack? The state of application security in 2024Webinar Aligning to NIS2 cybersecurity risk-management obligations in the EU
-
The economics of penetration testing for web application securitywhitepaper Get the most value from your security solution
-
How to extend zero trust to your cloud workloadsWhitepaper Implement zero trust-based security across your entire ecosystem
-
Four requirements for a zero trust branchWhitepaper Effectively navigate the complex and ever-changing demands of security and network connectivity
