IT admin charged with extorting employer by locking down hundreds of workstations
Ransomware attackers don't always have to be outsiders
Ransomware threat actors don’t always have to come from outside the victim organization - take Daniel Rhyne, a 57-year-old man from Kansas City, Missouri, who is being charged with locking down, and trying to extort, his own employer.
Allegedly, late last year, Rhyne was working at an industrial company in Somerset County, New Jersey. One day in November, he reset passwords to all network administrator accounts, as well as hundreds of user accounts. He deleted all backups, and locked users out of hundreds of servers, and thousands of workstations. Roughly an hour later, he mailed everyone to notify them of the attack, and to demand a ransom in exchange for re-establishing access.
These claims are being made by the FBI, who investigated the attack, and later charged the man with one count of extortion in relation to a threat to cause damage to a protected computer, one count of intentional damage to a protected computer, and one count of wire fraud.
TheFr0zenCrew!
Cumulatively, should he be convicted on all charges, Rhyne could be facing up to 35 years in jail, and a fine of $500,000, The Register reports.
The FBI shared a few details to back its claims. For example, Rhyne used Windows’ net user and Sysinternals Utilities’ PsPasswd tool to change people’s passwords to “TheFr0zenCrew!”. Furthermore, he kept a hidden virtual machine on his company-issued laptop, which he used to remotely access an admin account. This account had the same password - TheFr0zenCrew!.
Also, he used his company-issued laptop to search for a few damning things, such as "command line to change password," "command line to change local administrator password," and "command line to remotely change local administrator password."
Finally, he was seen coming to work, logging into his laptop, doing the searches, and then looking at company password spreadsheets, while at the same time accessing the hidden VM.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Via The Register
More from TechRadar Pro
- This clever new ransomware is targeting your Google Chrome data, so be on your guard
- Here's a list of the best firewall software around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.