According to a press release published by the UK Southeast Regional Organized Crime Unit (SEROCU), an IT security analyst at an Oxford-based company impersonated a ransomware gang in an attempt to extort the company.

The company had recently reported a ransomware attack against executives, in which cybercriminals demanded a hefty ransom payment. During the internal investigation the company conducted as part of its incident response efforts, a 28-year-old IT analyst by the name of Ashley Liles attempted to trick his employer into paying the ransom to him instead of to the attacker.

“Unknown to the police, his colleagues, and his employer, Liles commenced a separate and secondary attack against the company,” reads the SEROCU announcement.

“He accessed a board member’s private emails over 300 times as well as altering the original blackmail email and changing the payment address provided by the original attacker,” explained SEROCU.

“Liles also created an almost identical email address to the original attacker and began emailing his employer to pressurize them to pay the money,” said SEROCU.

However, the company owner wasn’t interested in paying the attackers, and the internal investigations that were still underway at the time revealed Liles’ unauthorized access to private emails, pointing to his home’s IP address.

Although Liles realized the investigation was closing in on him and had wiped all data from his personal devices by the time SEROCU’s cyber-crime team stormed into his home to seize his computer, it was still possible to restore incriminating data, according to reports by bleepingcomputer.com.