IT Analyst Sentenced for Ransomware Double-Cross
SEROCU Sentences Former Oxford-based Employee
Overt Operator
July 17, 2023
In a case that marks a new low in cybersecurity breaches, 28-year-old Ashley Liles, a former IT security analyst, has been sentenced to over three years in prison. His crime? Attempting to blackmail his Oxford-based employer in the middle of a ransomware attack—a twist straight out of a high-tech thriller.
According to a press release from the South East Regional Organised Crime Unit (SEROCU), Liles exploited his privileged position during a ransomware attack on his employer. His audacious scheme involved impersonating the ransomware gang, seeking to redirect the intended ransom payment to his cryptocurrency wallet, thus victimizing his company a second time amid their plight.
"Unbeknownst to his colleagues, the police, and his employer, Liles initiated a parallel attack against the company," said the SEROCU report. The young IT analyst accessed a board member's private emails over 300 times, and in a bold move, tampered with the ransom demand email by changing the payment address provided by the original attacker.
To make his charade more convincing, Liles created an email address strikingly similar to that of the original attackers. His goal was to heighten pressure on his employer to ensure the ransom was paid and direct the money into his pocket.
But as the saying goes, "The best-laid plans of mice and men often go awry."
The company did not yield to the attackers' demands. Instead, an internal investigation commenced, leading to the discovery of Liles' unauthorized access to confidential emails, traced back to his home Internet connection.
Forewarned, Liles attempted to cover his tracks by erasing all data from his devices.
However, SEROCU's cybercrime team seized his computer and successfully recovered the incriminating evidence.
Initially, Liles staunchly denied any wrongdoing. Yet, the weight of the evidence against him eventually forced his hand. Five years after his high-tech heist, he admitted his guilt during a court hearing at Reading Crown Court.
Sentenced to three years and seven months in prison for blackmail and unauthorized access to a computer with intent to commit other offenses, Liles now serves as a warning to others who might be tempted to follow his path.
As per UK legislation, unauthorized computer access can carry a prison sentence of up to two years, while blackmail can warrant up to 14 years.