24 May 2023

Infosec analyst pleads guilty to hijacking ransom payment from his employer


Infosec analyst pleads guilty to hijacking ransom payment from his employer

A former IT security analyst at the UK-based gene and cell therapy company Oxford Biomedica has admitted to posing as a ransomware gang to steal ransom payment from his employer.

Ashley Liles, of Fleetwood, Letchworth Garden City, Hertfordshire, pleaded guilty to blackmail and unauthorized access to a computer with intent to commit other offences following an investigation by the South East Regional Organized Crime Unit (SEROCU).

The case dates back to February 2018, when the company was hit by a ransomware attack, with the threat actors demanding a £300,000 ransom in Bitcoin.

According to the police, Liles abused his role as a security analyst at the company to gain unauthorized access to a board member’s email account and change the payment address provided in the original blackmail email to one under his control in the hopes to divert any future payments to himself. Furthermore, Liles also created an almost identical email address to the original attacker and began emailing his employer to pressurize them to pay the money.

His plan fell through when the company’s security team discovered the unauthorized access to the private emails and tracked this access to Liles’ home address.

During a search at Liles’ home the police seized a computer, laptop, phone, and the USB stick.

“Liles had wiped all data from his devices just days before his arrest in order to try to hide his involvement, however the data was recovered and this provided direct evidence of his crimes,” the police said.

Back to the list

Latest Posts

Ransomware attack on Optum subsidiary disrupts healthcare services across the US

Ransomware attack on Optum subsidiary disrupts healthcare services across the US

The attack compromised Change Healthcare's IT systems, leading to widespread disruptions in pharmacy services across the US.
27 February 2024
New IDAT Loader variant uses steganography to deliver Remcos RAT

New IDAT Loader variant uses steganography to deliver Remcos RAT

While focusing their strategic efforts on entities in Ukraine, UAC-0184 seemingly aimed to broaden their scope to include further entities associated with Ukraine.
27 February 2024
Large-scale spam operation hijacks over 8K subdomains of trusted brands

Large-scale spam operation hijacks over 8K subdomains of trusted brands

The threat actor employs methods such as CNAME hijacking and SPF record exploitation.
27 February 2024