A former IT security analyst has been handed a prison sentence of nearly four years for his involvement in a failed extortion attempt during a ransomware attack on his former employer.
Ashely Liles, a 28-year-old from the U.K., exploited his position within an Oxford-based company to intercept a ransom payment, only to be caught in the act. Liles took advantage of his knowledge of the company's systems and posed as the ransomware gang responsible for the attack, Bleeping Computer reports.
He not-so-cleverly redirected the payments meant for the cybercriminals by altering the cryptocurrency wallet address to his own. In an attempt to increase pressure on his employer, Liles accessed the private emails of senior board members, making unauthorized alterations to the original blackmail messages.
However, the company chose not to comply with the demands of the attackers, leading to an internal investigation. During this process, it was discovered that Liles had accessed confidential emails without authorization. Tracing the unauthorized access back to Liles' home address, law enforcement officers from the South East Regional Organised Crime Unit (SEROCU) intervened.
Despite attempting to erase evidence from his personal devices, Liles' efforts were unsuccessful. SEROCU's cybercrime team was able to recover the incriminating data, leading to his arrest. Following a court hearing at Reading Crown Court, Liles finally pleaded guilty, five years after the initial incident occurred.
As a result, Liles has been sentenced to three years and seven months in prison for charges of blackmail and unauthorized access to a computer with intent to commit other offenses. It's important to note that unauthorized computer access carries a maximum prison term of two years under U.K. legislation, while blackmail is punishable by up to 14 years of imprisonment.
Key takeaway from this story: don't try to extort the organization you work for.
Follow SecureWorld News for more stories related to cybersecurity.
