An IT researcher who used ransomware negotiations between his company and a gang of cybercriminals to try and funnel the ransom money into his own account has pleaded guilty to blackmail and unauthorised access to a computer in his own company.
Ashley Liles also created an email address similar to that of the attackers to try and pressure his employer, biotech company Oxford Biomedica, into paying the ransom. He will be sentenced on 11 July.
IT researcher staged cyberattack on his own company
Reading Crown Court heard that Liles, 28, of Fleetwood, Letchworth Garden City, put his plan into action after Oxford Biomedica suffered a cyberattack in February 2018, in which criminals gained access to the company’s online infrastructure and demanded a ransom payment in Bitcoin to unlock the systems.
In his role as IT security analyst, Liles worked with his colleagues and the police to try to mitigate the damage. But he had begun his own, secondary attack against the company in an effort to capitalise on the situation.
“He accessed a board member’s private emails more than 300 times as well as altering the original blackmail email and changing the payment address provided by the original attacker,” said a statement from the South East Regional Organised Crime Unit (SEROCU), which investigated the incident.
This was in a bid to funnel the ransom money into his own account, should it be paid. Liles doctored the original blackmail email and changed the payment address so that any funds would be transferred into his personal Bitcoin wallet. Unfortunately for the defendant, Oxford Biomedica did not pay up, and his illegal access to private company emails was noticed during the investigation.
Investigators noted unauthorised access was coming from Liles’ address, and when he was arrested a desktop computer, as well as a laptop, phone and a USB stick were seized. Despite his attempts to wipe the data from these devices, information was recovered which enabled charges to be brought.
Detective Inspector Rob Bryant from the SEROCU’s Cyber Crime Unit said: “I would like to thank the company and their employees for their support and cooperation during this investigation. I hope this sends a clear message to anyone considering committing this type of crime. We have a team of cyber experts who will always carry out a thorough investigation to catch those responsible and ensure they are brought to justice.”
Malicious insiders are a growing threat to businesses
The threat to companies from malicious insiders – attackers who emerge from within an organisation – is growing. In the third quarter of 2022, security company Kroll saw insider threats peak at their highest quarterly level to date, accounting for nearly 35% of all unauthorised access threat incidents.
There was also a rise in the number of malware infections via USB, continues the report, potentially pointing to wider external factors that may encourage insider threats, such as an increasingly fluid labour market and economic turbulence.
“Defending the business from someone on the inside can be particularly difficult, as the user often won’t raise any red flags and could have a high level of permissions and access rights,” said Jaycee Roth, associate manager of cyber risk at Kroll.