View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

This IT worker joined a cyberattack on his own company to try and pocket the ransom

The Oxford Biomedica IT worker changed payment details on the ransom demand to try and pocket the money.

By Claudia Glover

An IT researcher who used ransomware negotiations between his company and a gang of cybercriminals to try and funnel the ransom money into his own account has pleaded guilty to blackmail and unauthorised access to a computer in his own company.

Man found guilty of hacking into employers’ emails to capitalise on cyberattack. (Photo by Tupungato/Shutterstock)

Ashley Liles also created an email address similar to that of the attackers to try and pressure his employer, biotech company Oxford Biomedica, into paying the ransom. He will be sentenced on 11 July.

IT researcher staged cyberattack on his own company

A hearing at Reading Crown Court heard that Liles, 28, of Fleetwood, Letchworth Garden City, put his plan into action after Oxford Biomedica suffered a cyberattack in February 2018, where criminals gained access to the company’s online infrastructure and demanded a ransom payment in Bitcoin to unlock the systems.

In his role as IT security analyst, Liles worked with his colleagues and the police to try to mitigate the damage. But he had begun his own, secondary attack against the company in an effort to capitalise off the situation.

“He accessed a board member’s private emails more than 300 times as well as altering the original blackmail email and changing the payment address provided by the original attacker,” said a statement from the South East Regional Organised Crime Unit (SEROCU), which investigated the incident.

This was in a bid to funnel the ransom money into his own account, should it be paid. Liles doctored the original blackmail email and changed the payment address so that any funds would be transferred into his personal Bitcoin wallet. Unfortunately for the defendant, Oxford Biomedica did not pay up, and his illegal access of private company emails was noticed during the investigation.

Investigators noted unauthorised access was coming from Liles’ address, and when he was arrested a desktop computer, as well as a laptop, phone and a USB stick were seized. Despite his attempts to wipe the data from these devices, information was recovered which enabled charges to be brought.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Detective Inspector Rob Bryant from the SEROCU’s Cyber Crime Unit said: “I would like to thank the company and their employees for their support and cooperation during this investigation. I hope this sends a clear message to anyone considering committing this type of crime. We have a team of cyber experts who will always carry out a thorough investigation to catch those responsible and ensure they are brought to justice.” 

Malicious insiders are a growing threat to businesses

The threat of malicious insiders – attackers who emerge from within an organisation – to companies is growing. In the third quarter of 2022, security company Kroll saw insider threats peak to its highest quarterly level to date accounting for nearly 35% of all unauthorised access threat incidents. 

There was also a rise in the number of malware infections via USB, continues the report, potentially pointing to wider external factors that may encourage insider threat, such as an increasingly fluid labour market and economic turbulence. 

“Defending the business from someone on the inside can be particularly difficult, as the user often won’t raise any red flags and could have a high level of permissions and access rights,” said Jaycee Roth, associate manager of cyber risk at Kroll.

Read more: Former AWS engineer convicted over Capital One hack

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.