Security News > 2023 > May > IT employee impersonates ransomware gang to extort employer
A press release published yesterday by the South East Regional Organised Crime Unit explains that in February 2018, the convicted man, Ashley Liles, worked as an IT Security Analyst at an Oxford-based company that suffered a ransomware attack.
Like many ransomware attacks, the threat actors contacted the company's executives, demanding a ransom payment.
During this phase, Liles is said to have attempted to enrich himself from the attack by tricking his employer into paying him a ransom instead of the original external attacker.
"Unknown to the police, his colleagues, and his employer, Liles commenced a separate and secondary attack against the company," reads the SEROCU announcement.
"Liles also created an almost identical email address to the original attacker and began emailing his employer to pressurize them to pay the money." explained SEROCU. However, the company owner wasn't interested in paying the attackers, and the internal investigations that were still underway at the time revealed Liles' unauthorized access to private emails, pointing to his home's IP address.
Although Liles realized the investigations closed in on him and had wiped all data from his personal devices by the time SEROCU's cyber-crime team stormed into Liles' home to seize his computer, it was still possible to restore incriminating data.