An IT worker in the UK has been convicted of unauthorized computer access and blackmail after attempting to take advantage of a ransomware attack on his employer.
Ashley Liles was found to have attempted to blackmail his employer, Oxford Biomedica, into paying a ransom in the wake of a 2018 security breach.
In February that year, the Oxford-based company suffered a security incident that saw threat actors gain unauthorized access to the company’s computer systems.
Jurors at Reading Crown Court heard that, during an investigation into the incident, Liles commenced a secondary attack against the company.
“Liles began to investigate the incident, in his role as the company’s IT security analyst and worked alongside colleagues and the police to try to mitigate the incident,” according to a statement from the South East Regional Organized Crime Unit (SEROCU).
“However, unknown to the police, his colleagues, and his employer, Liles commenced a separate and secondary attack against the company.”
Liles accessed board members’ private emails more than 300 times and altered the original ransom note to change the payment address to his own cryptocurrency wallet.
Prosecutors said that Liles’ intention was that, if a payment was made, it would be made to him rather than the original attacker.
The near and far future of ransomware business models
What would make ransomware actors change their criminal business models?
The security analyst was also found to have created an “almost identical” email address to the original ransomware attacker and began pressuring his employer to pay the ransom fee.
However, no payment was ever made and the unauthorized access to private emails was discovered, revealing that the access came from Liles’ home address.
A subsequent investigation by police officers from SEROCU’s cyber crime team arrested Liles in 2018 and conducted a search of his home.
Although digital devices were seized in the raid, Liles was found to have wiped all data from his devices to cover up his involvement in the scheme.
“Items seized from his address included a computer, laptop, phone and a USB stick,” SEROCU said.
“Liles had wiped all data from his devices just days before his arrest in order to try to hide his involvement, however the data was recovered and this provided direct evidence of his crimes.”
Liles initially denied his involvement despite this evidence being found, and did not plead guilty for around five years.
He is set to return to Reading Crown Court for sentencing on 11 July.
