When you run a business, cyber attacks will always be a threat. Targets range from small businesses through to large organisations. Threat actors operate throughout the world and attacks are becoming more and more sophisticated – but shockingly, a recent case highlights how a trusted employee manipulated a ransomware attack for his own ends.
It has been confirmed that an Oxford-based company suffered a ‘normal’ ransomware attack. As is typical in such attacks, the threat actors contacted the company’s executives, demanding a ransom payment.
As an IT Security Analyst at the firm, Ashley Liles, alongside IT colleagues and the police, was involved in the internal investigations and incident response effort. It was during this investigation that Liles decided to commence a separate and secondary attack against the company.
The South East Regional Organised Crime Unit (SEROCU) found that Liles accessed a board member’s private emails over 300 times as well as altering the original blackmail email and changing the payment address provided by the original attacker.
His plan was to have his employer pay the ransom money to his cryptocurrency account. He also set up an almost identical email to that of the attacker and began pressurising his employer into paying the ransom. As the investigation was continuing, however, these emails and the unauthorised access to the board member’s emails were traced to his home IP address.
As he realised that the investigation was getting closer to identifying his actions, he wiped all activity from his home devices, but it was still possible for the SEROCU to restore the incriminating data following their raid on his home.
Whilst Liles initially denied involvement, he pleaded guilty at Reading Crown Court and will return to court in July to hear his sentence. According to UK law, unauthorised computer access is punishable by up to 2 years in prison, while blackmail carries a maximum imprisonment sentence of 14 years.
Whilst security checks on employees may help prevent an internal attack such as this one if you have your own IT team, most SMEs don’t even have their own IT team. If they suffer a ransomware attack, they are likely to flounder. Engaging an external company to oversee your cyber security could be the easiest way to help keep your business, its data, your finances and IP as safe and secure as possible. They can also help with investigations should your safety be compromised.
This is why the BCC developed Guardian, powered by IT specialists, Mintivo. A variety of plans is available to suit your needs, from a free cyber security awareness plan to protection for any modern business, offering world-class cyber security protection (usually only available to large corporate companies) for an affordable monthly fee. Guardian Professional and Guardian Enterprise are also available to meet greater cyber needs.