Friend
Professional
- Messages
- 2,653
- Reaction score
- 850
- Points
- 113
An employee put his whole life at stake because of the extortion of his own employer.
In New Jersey, USA, a former engineer of an industrial company was arrested after an extortion attempt related to blocking Windows administrators on 254 servers.
Daniel Ryne, a 57-year-old resident of Kansas City, Missouri, illegally entered the company's computer systems between November 9 and 25 using administrator credentials. It changed passwords for administrator and user accounts to gain control of the system and make data recovery more difficult.
According to the case file, the company's employees received an email with the title "Your network has been hacked" on November 25. The letter claimed that all administrators of the IT system were blocked and server backups were deleted, making data recovery impossible. The message also threatened to shut down 40 servers daily for 10 days if a ransom of €700,000 (in the form of 20 BTC) was not paid.
An FBI investigation revealed that Rhine, who worked as a key infrastructure engineer at the company, planned his actions using a hidden virtual machine and his laptop. Ryan searched the Internet for information on how to delete domain accounts, clear Windows logs, and change user passwords using the command line.
On November 15, Ryan also searched for information about commands to change local admin passwords remotely. Such actions, according to the investigation, were aimed at blocking the company's access to systems and data.
On November 25, network administrators began receiving password reset notifications for domain administrator accounts, as well as hundreds of user accounts. All other domain administrator accounts were then deleted, resulting in the loss of access to the company's networks.
Ryan was arrested on August 27 in Missouri and later released after his first hearing in federal court in Kansas City. Rhyne faces charges of extortion, intentional damage to computer systems and communications fraud. Combined, the charges could result in a maximum sentence of 35 years in prison and a fine of $750,000.
The investigation showed that the preparation for the crime began long before the implementation. Using his expertise and access to systems, Rhine intentionally blocked the company's access to its critical resources, jeopardizing operations.
Source
In New Jersey, USA, a former engineer of an industrial company was arrested after an extortion attempt related to blocking Windows administrators on 254 servers.
Daniel Ryne, a 57-year-old resident of Kansas City, Missouri, illegally entered the company's computer systems between November 9 and 25 using administrator credentials. It changed passwords for administrator and user accounts to gain control of the system and make data recovery more difficult.
According to the case file, the company's employees received an email with the title "Your network has been hacked" on November 25. The letter claimed that all administrators of the IT system were blocked and server backups were deleted, making data recovery impossible. The message also threatened to shut down 40 servers daily for 10 days if a ransom of €700,000 (in the form of 20 BTC) was not paid.
An FBI investigation revealed that Rhine, who worked as a key infrastructure engineer at the company, planned his actions using a hidden virtual machine and his laptop. Ryan searched the Internet for information on how to delete domain accounts, clear Windows logs, and change user passwords using the command line.
On November 15, Ryan also searched for information about commands to change local admin passwords remotely. Such actions, according to the investigation, were aimed at blocking the company's access to systems and data.
On November 25, network administrators began receiving password reset notifications for domain administrator accounts, as well as hundreds of user accounts. All other domain administrator accounts were then deleted, resulting in the loss of access to the company's networks.
Ryan was arrested on August 27 in Missouri and later released after his first hearing in federal court in Kansas City. Rhyne faces charges of extortion, intentional damage to computer systems and communications fraud. Combined, the charges could result in a maximum sentence of 35 years in prison and a fine of $750,000.
The investigation showed that the preparation for the crime began long before the implementation. Using his expertise and access to systems, Rhine intentionally blocked the company's access to its critical resources, jeopardizing operations.
Source
