Ashley Liles, a 28-year-old former IT security analyst from Letchworth Garden City in Hertfordshire, has been convicted of blackmail and unauthorized access to a computer with intent to commit other offences. The case revolves around a ransomware attack on Oxford Biomedica, a gene therapy specialist based in Oxfordshire, where Liles was employed at the time of the incident in February 2018.
During the ransomware attack, Liles was tasked with incident response and worked closely with colleagues and law enforcement to mitigate the impact of the attack. However, unbeknownst to his colleagues and law enforcement, Liles simultaneously launched a secondary attack against the company’s systems.
In the course of his attack, Liles accessed a board member’s private emails multiple times and altered the original ransom demand to change the payment address of the Bitcoin wallet to which the ransomware gang was demanding payment. This would have ensured that any payment made by Oxford Biomedica would have been diverted to Liles.
Liles also sent threatening emails to his employer to further pressurize them into paying the ransom, a common tactic deployed by ransomware gangs during their attacks. However, his unauthorized access to the private email account was noticed, and police were able to identify that the account was being accessed from his home address.
The South East Regional Organised Crime Unit’s (SEROCU’s) Cyber Crime Unit subsequently arrested Liles and searched his home, seizing multiple items including a computer, laptop, phone, and USB stick. Although Liles had wiped the devices to try to throw the police off the scent, his IT skills proved insufficient in this area as well, and forensics experts were later able to successfully recover the data to be used as evidence at his trial.
Liles, who had initially tried to deny any involvement in the cyber attack, was convicted after changing his plea to guilty. He is set to be sentenced at Reading Crown Court in July 2023.
This case serves as a reminder of the potential for insider threats within organizations and the importance of robust security measures and monitoring systems to detect and prevent such incidents.
Sources: