A 28-year-old UK man from Fleetwood, Hertfordshire, has been found guilty of gaining unauthorized access to a computer with criminal intent and blackmailing his employer.

A press release issued yesterday by the South East Regional Organized Crime Unit (SEROCU) explains that in February 2018, the convicted man, Ashley Liles, was working as a computer security analyst at an Oxford-based company which suffered an attack from ransomware.

Like many ransomware attacks, threat actors contacted company executives, demanding payment of a ransom.

Due to his role at the company, Liles participated in internal investigations and incident response efforts, which were also supported by other members of the company and the police.

However, during this phase, Liles allegedly attempted to enrich himself from the attack by tricking his employer into paying him a ransom instead of the original external attacker.

“Unknown to police, his co-workers and his employer, Liles launched a separate and secondary attack on the company,” the statement read. SEROCU announcement.

“He accessed a board member’s private email over 300 times, edited the original blackmail email, and changed the payment address provided by the original attacker. .”

The plan was to take advantage of the situation and divert the payment to a cryptocurrency wallet under Liles’ control,

“Liles also created an email address almost identical to the original attacker’s and began emailing his employer to force him to pay the money.” explained SEROCU.

However, the company owner was not interested in paying the attackers, and internal investigations that were still ongoing at the time revealed Liles’ unauthorized access to private emails, pointing to the home IP address.

Although Liles realized that investigations were closing in on him and wiped all data from his personal devices by the time SEROCU’s cybercrime team broke into Liles’ house to seize his computer, there was still a possibility of restore incriminating data.

Liles initially denied involvement, but five years later pleaded guilty at a hearing at Reading Crown Court.

The rogue employee will return to court on July 11, 2023 to hear his sentence.

Under UK law, unauthorized access to a computer is punishable by up to 2 years in jailwhile blackmailing carries a maximum prison sentence of 14 years old.



Source link