An IT specialist from a British company took advantage of a ransomware attack for his own purposes.
The man wanted easy money, but he could easily get only a charge of fraud.
Ashley Liles, a 28-year-old resident of Hertfordshire, admitted to gaining unauthorized access to corporate computers with malicious intent, as well as blackmailing his employer.
In February 2018, Lyles was reportedly working as an information security analyst for an Oxford-based company that was then attacked by ransomware. The attackers, as in many similar cases, demanded that the company’s management pay a ransom.
Lyles was involved in the internal investigation and aftermath of the attack, with the help of other company employees and the police. However, Lyles tried to take personal advantage of that attack by replacing the attackers’ payment details with his own so that the company would transfer the money to Lyles himself.
“He accessed the personal emails of the board member over 300 times, and also altered the original blackmail email and changed the payment address provided by the original attackers,” explained V SEROCU.
“Lyles also created an almost identical email address of the original attacker and began sending emails to his employer to pressure him into paying money,” the police added.
However, the owner of the company was not interested in paying the attackers, and ongoing internal investigations at that time revealed unauthorized access to the company’s personal letters, indicating IP address Liles’ house.
Although the man realized that the investigation was coming to him and erased all data from his personal devices, when law enforcement officers broke into his house to seize the computer, it was still possible to recover the incriminating data. Of course, Lyles denied his involvement for a long time, but after five years he nevertheless confessed to his deeds at a hearing in the court of the city of Reading. On July 11, 2023, the former employee will return to court to hear his final verdict.
Under UK law, unauthorized access to computers is punishable by up to two years in prison, and blackmail is punishable by a maximum of 14 years.