IT Admin Found Guilty of Hijacking a Ransomware Attack To Extort His Own Company

In cybersecurity circles, there’s a threat so feared that examples of it have on occasion acquired the status of professional legend: the possibility of a lone, rogue administrator running amok against their employer.

For years, stories of rogue admins concerned internal incidents known only within an individual organization. Then the Internet arrived. This not only hugely expanded the scope of rogue insider attacks but provided cybersecurity people in the know with a handy channel to share their terrible stories.

There are too many examples of the rogue admin phenomenon to recount here, but it’s not something one would normally connect to the theme of ransomware.

Until now, that is, because there’s always a first time for everything. Step forward Ashley Liles, now 28, an IT security analyst, who in February 2018 was among a team tasked with investigating a ransomware attack against his employer based in Oxford, England.

What unfolded next counts as one of the oddest ransomware incidents yet to come to public attention anywhere.

Ransomware Hijack

At some point in the investigation, Liles decided to turn the situation to his own advantage by hijacking the work of the cybercriminals from the inside. His tactic was simple—monitor the emails to the company from the attackers who had, naturally, demanded a ransom. 

According to South East Regional Organised Crime Unit (SEROCU), he accessed a board member’s private email inbox over 300 times to alter the attacker’s email message as well as the Bitcoin address provided to receive the ransom itself.

“Liles also created an almost identical email address to the original attacker and began emailing his employer to pressure them to pay the money,” explained a SEROCU release.

In the end, no payment was made, either to the original attacker or Liles. However, the unexpected email access from within the company was noticed and traced to Liles’ home address.

The address was searched and various computer equipment was seized. Liles tried to wipe the data from the devices to hide his involvement, but the data was recovered by computer forensics, the police said.

Despite the weight of evidence, Liles reportedly denied involvement for five years before deciding recently to plead guilty. On May 17, he was found guilty at Reading Crown Court of blackmail and unauthorized access to a computer with intent to commit a crime. He will be sentenced on July 11.

The incident sets strange precedents while leaving some questions hanging.

Ransomware attacks are difficult enough events, but turning on your own company in their hour of need sets a new low for bad conduct.

There’s also the issue of why Liles—an IT person experienced enough to understand that everything that happens on a computer leaves a trace of some kind—seems to have believed he could cover his tracks. Most rogue admin attacks are malicious, vengeful, or simply fueled by a deluded sense of omnipotence. Trying to hijack a ransomware attack looks more like a case of opportunistic, rank foolishness.
