February 2018 Oxford Biomedica was victim of a typical ransomware attack.
Most insiders would be looking for a new job. One person used it as an opportunity!
An insider at Oxford Biomedica named Ashley Liles decided to change the ransom note’s payment address to an address he controlled. Liles also created an email address similar to the ransomware gang’s email address and sent emails to pressure his employer to pay the ransom to his wallet.
Oxford Biomedica did not pay.
During his attack, Liles also access a board member’s email over 300 times.
A search warrant was executed and it appeared as if Liles wiped his devices to cover his tracks.
Fortunately, 5 years after the attack Liles pled guilty. He is due to be sentenced July 2023.
However, unknown to the police, his colleagues and his employer, Liles commenced a separate and secondary attack against the company. He accessed a board member’s private emails over 300 times as well as altering the original blackmail email and changing the payment address provided by the original attacker. This was in the hope that if payment was made, it would be made to him rather than the original attacker. Liles also created an almost identical email address to the original attacker and began emailing his employer to pressure them to pay the money.
No payment was made and the unauthorised access to the private emails was noticed. It was identified that this access came from Liles home address. Specialist police officers from SEROCU’s Cyber Crime team arrested Liles and conducted a search of his home address. Items seized from his address included a computer, laptop, phone and a USB stick. Liles had wiped all data from his devices just days before his arrest in order to try to hide his involvement, however the data was recovered and this provided direct evidence of his crimes.https://serocu.police.uk/man-convicted-of-blackmail-and-other-offences/
- https://www.databreaches.net/uk-man-jailed-for-more-than-three-years-for-attempting-to-extort-money-from-the-company-he-worked-for/ (Photo)
[00:00:08] Keith: Most people when they’re faced with ransomware might be looking for a new job. Not Ashley Liles of Oxford BioMedica! In February of 2018, Oxford BioMedica was a victim of a typical ransomware attack.
[00:00:26] An insider at their company named Ashley Liles decided to change the ransom note to a payment address that he controlled. So effectively, if his employer paid the ransomware, he would’ve been paid instead of the ransomware gang. It’s incredible, right? Liles also created an email address that was very similar to the ransomware gang’s email address, and then sent emails to pressure his employer to pay the ransom to his wallet.
[00:01:04] Thankfully, Oxford BioMedica did not pay. During his attack, liles also accessed a board member’s email over 300 times, and I You gotta wonder why, what was so important in that email that he had to go in there 300 times. When a search warrant was executed, it appeared as if Liles wiped his devices in order to cover his tracks.
[00:01:30] Fortunately, five years after the attack, Liles pled guilty. He’s due to be sentenced in July of 2023.
[00:01:38] If you enjoyed this quick eCrimeBytes nibble, I’m gonna guarantee you’re gonna like our eCrimeBytes full episodes where we take a case, and I say we as in my co-host, Seth and myself, we take a case and we look much more in depth at it than this.
[00:01:55] We look at the criminals, we look at the crime, how it happened technically, we look at the victims, we look at how it was caught. We look at how it was punished, and we try to put it together in a nice little story, and we try to make it lighthearted and humorous if we can, in order to make it fun and easy to listen to.
[00:02:15] So again, if you like this eCrimeBytes nibble, I really hope that you join me over on a eCrimeBytes full episode sometime soon. Thanks. Bye.
#ecrimebytes #electronic #truecrime #podcast #humor #funny #comedy #ransomware #blackmail #extortion #insider