A Company was hit by Ransomware. This is what Happened when an Employee tried to Steal it.

Cybersecurity is wild, isn’t it? The fact that bad actors can literally hold your data ransom and (attempt to) force you to pay to get it back is crazy enough in itself.

What’s even worse? When an employee tries to play the hackers.

Travel with me, if you will, back to February 2018. Oxford BioMedica, a gene and cell therapy firm, had been the unfortunate victim of a ransomware attack. Rather than paying the ransom right away, the firm alerted authorities and assigned its IT team the task of figuring out how it happened and what they could do to ensure minimal damage.

Oxford BioMedica did the right thing. But what they couldn’t account for was the fact that one of their own IT employees was planning on taking matters into his own hands. This employee was IT security analyst Ashley Liles.

Liles decided that he was going to try and take advantage of his role in the investigation in an effort to intercept the ransom for himself.

He accessed the email account of a board member who had received the initial ransom demand, and changed the contents of the email to reference a Bitcoin wallet that belonged to him rather than to the original attacker. The end result could have been a ransom payment of 300,000 pounds landing in Liles’ Bitcoin account rather than with the cyber criminals.

Liles took it even one step further by creating an email that was nearly identical to the original attacker’s email. He used this email to pressure his employer into paying the ransom.

Despite his rather bold efforts, Oxford BioMedica never intended to pay the ransom, choosing instead to work with police during the investigation. Through the investigation, officers from South East Regional Organised Crime Unit’s Cyber Crime Unit found that someone had been accessing the compromised board member’s email account remotely, and traced it back to Liles’ home.

A search of Liles’ property revealed a computer, laptop, phone and flash drive – all of which had been wiped days before. Ashley thought he was a step ahead.

However, Liles had not wiped the devices securely and properly: digital forensic experts were able to recover incriminating evidence that connected Liles to the attack.

At the end of June, after years of denying his involvement in the secondary attack, Liles finally admitted his wrongdoing and pleaded guilty. Liles is expected to be sentenced next week for the crimes.

Detective Inspector Rob Bryant released a statement saying "I would like to thank the company and their employees for their support and cooperation during this investigation. I hope this sends a clear message to anyone considering committing this type of crime. We have a team of cyber experts who will always carry out a thorough investigation to catch those responsible and ensure they are brought to justice."

 

Story via Tripwire
