Rogue IT worker extorted company after hijacking ransomware attack

Abstract Technology Binary Code Dark Red Background
(Image credit: Getty Images)

An IT worker in the UK has been convicted of unauthorized computer access and blackmail after attempting to take advantage of a ransomware attack on his employer. 

Ashley Liles was found to have attempted to blackmail his employer, Oxford Biomedica, into paying a ransom in the wake of a 2018 security breach. 

In February that year, the Oxford-based company suffered a security incident that saw threat actors gain unauthorized access to the company’s computer systems. 

Jurors at Reading Crown Court heard that, during an investigation into the incident, Liles commenced a secondary attack against the company. 

“Liles began to investigate the incident, in his role as the company’s IT security analyst and worked alongside colleagues and the police to try to mitigate the incident,” according to a statement from the South East Regional Organized Crime Unit (SEROCU).

“However, unknown to the police, his colleagues, and his employer, Liles commenced a separate and secondary attack against the company.”

Liles accessed board members’ private emails more than 300 times and altered the original ransom note to change the payment address to his own cryptocurrency wallet.  

Prosecutors said that Liles’ intention was that, if a payment was made, it would be made to him rather than the original attacker. 


Rear facing image of man sat in dark tech lab using VR headset and gloves

(Image credit: Trend Micro)

The near and far future of ransomware business models

What would make ransomware actors change their criminal business models?


The security analyst was also found to have created an “almost identical” email address to the original ransomware attacker and began pressuring his employer to pay the ransom fee

However, no payment was ever made and the unauthorized access to private emails was discovered, revealing that the access came from Liles’ home address.

A subsequent investigation by police officers from SEROCU’s cyber crime team arrested Liles in 2018 and conducted a search of his home. 

Although digital devices were seized in the raid, Liles was found to have wiped all data from his devices to cover up his involvement in the scheme. 

“Items seized from his address included a computer, laptop, phone and a USB stick,” SEROCU said. 

“Liles had wiped all data from his devices just days before his arrest in order to try to hide his involvement, however the data was recovered and this provided direct evidence of his crimes.”

Liles initially denied his involvement despite this evidence being found, and did not plead guilty for around five years. 

He is set to return to Reading Crown Court for sentencing on 11 July.

Ross Kelly
News and Analysis Editor

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.

He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.

For news pitches, you can contact Ross at, or on Twitter and LinkedIn.