IT admin charged with extorting employer by locking down hundreds of workstations

News
By published

Ransomware attackers don't always have to be outsiders

Jump to:

Ransomware threat actors don’t always have to come from outside the victim organization - take Daniel Rhyne, a 57-year-old man from Kansas City, Missouri, who is being charged with locking down, and trying to extort, his own employer.

Allegedly, late last year, Rhyne was working at an industrial company in Somerset County, New Jersey. One day in November, he reset passwords to all network administrator accounts, as well as hundreds of user accounts. He deleted all backups, and locked users out of hundreds of servers, and thousands of workstations. Roughly an hour later, he mailed everyone to notify them of the attack, and to demand a ransom in exchange for re-establishing access.

These claims are being made by the FBI, who investigated the attack, and later charged the man with one count of extortion in relation to a threat to cause damage to a protected computer, one count of intentional damage to a protected computer, and one count of wire fraud.

TheFr0zenCrew!

Cumulatively, should he be convicted on all charges, Rhyne could be facing up to 35 years in jail, and a fine of $500,000, The Register reports.

The FBI shared a few details to back its claims. For example, Rhyne used Windows’ net user and Sysinternals Utilities’ PsPasswd tool to change people’s passwords to “TheFr0zenCrew!”. Furthermore, he kept a hidden virtual machine on his company-issued laptop, which he used to remotely access an admin account. This account had the same password - TheFr0zenCrew!.

Also, he used his company-issued laptop to search for a few damning things, such as "command line to change password," "command line to change local administrator password," and "command line to remotely change local administrator password."

Finally, he was seen coming to work, logging into his laptop, doing the searches, and then looking at company password spreadsheets, while at the same time accessing the hidden VM.

Via The Register

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A group of 7 hackers, 6 slightly blurred in the background and one in the foreground, all wearing black with hoods pulled up over their heads. You cannot see their faces. The hacker in the foreground sits with an open laptop in front of them. The background, behind the hackers, is a Chinese flag
China government-linked hackers caught running a seriously dangerous ransomware scam
Hands typing on a keyboard surrounded by security icons
35 years on: The history and evolution of ransomware
Image of laptop infected with malware
Ransomware criminals are now sending their demands...by snail mail?
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
AWS S3 feature abused by ransomware hackers to encrypt storage buckets
Concept art representing cybersecurity principles
How to combat exfiltration-based extortion attacks
Representational image of a cybercriminal
Should ransomware payments be illegal?
Latest in Security
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple routers hit by new critical severity remote command injection vulnerability, with no fix in sight
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
An abstract image of a lock against a digital background, denoting cybersecurity.
Critical security flaw in Next.js could spell big trouble for JavaScript users
Latest in News
DeepSeek
Deepseek’s new AI is smarter, faster, cheaper, and a real rival to OpenAI's models
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
An aerial view of an Instavolt Superhub for charging electric vehicles
Forget gas stations – EV charging Superhubs are using solar power to solve the most annoying thing about electric motoring
More about security
cybersecurity

Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak

A major Keenetic router data leak could put a million households at risk
Nimo N172 laptop

This obscure laptop brand sells a 64GB AMD Ryzen 9 laptop for just over $700 which is faster than the Apple's M4 CPU
See more latest
Most Popular
Nimo N172 laptop
This obscure laptop brand sells a 64GB AMD Ryzen 9 laptop for just over $700 which is faster than the Apple's M4 CPU
DeepSeek
Deepseek’s new AI is smarter, faster, cheaper, and a real rival to OpenAI's models
Student with headphones around her neck using a phone while sitting in a cafe in front of a laptop
One of the richest men in the world castigates the billions of dollars spent on buying laptops for US classrooms with no apparent improvements
An aerial view of an Instavolt Superhub for charging electric vehicles
Forget gas stations – EV charging Superhubs are using solar power to solve the most annoying thing about electric motoring
Tesla Model Y 2025
Tesla’s EU sales are in freefall as VW races ahead, but the Model Y could change all that
Asus NUC 15 Pro+
Asus unveils its most powerful mini PC to date — but I don't think the Intel-powered NUC 15 Pro+ will compete with Strix Halo models
HDD
Seagate teams with Nvidia to build an NVMe hard drive proof of concept, more than 3 years after its last effort
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event