IT employee charged over $750,000 cyber extortion plot in opposition to former employer

IT employee charged over 0,000 cyber extortion plot in opposition to former employer
IT employee charged over 0,000 cyber extortion plot in opposition to former employer


A former IT engineer is going through federal expenses in the US after his former employer discovered it had been locked out of its laptop techniques and obtained a requirement for $750,000.

At roughly 4pm EST on November 25, 2023, employees at an industrial firm headquartered in Somerset County, New Jersey, started to obtain password reset notifications.  Shortly afterwards, community directors found that area administrator accounts had been deleted, denying entry to the agency’s laptop techniques.

44 minutes later, workers obtained an extortion electronic mail from an exterior handle with the topic line “Your Community Has Been Penetrated”.

The e-mail warned the corporate that each one of its directors had both been locked out or deleted from the community, that the corporate’s backups had been deleted, and {that a} additional 40 servers can be shut down every day if a ransom of 20 Bitcoin (roughly US $750,000) was not paid.

57-year-old Daniel Rhyne, from Kansas Metropolis, Missouri, who labored as a core infrastructure engineer on the firm has been accused of unauthorised entry to the pc techniques, exploiting an organization administrator account to run malicious instructions between November 8-25, 2023 that:

  • modified administrator passwords to “TheFr0zenCrew!”
  • deleted administrator accounts
  • altered consumer account passwords to “TheFr0zenCrew!”
  • scheduled the shutdown of quite a few servers and workstations.

Investigators declare that they managed to pinpoint the assault to a distant desktop session that had originated on an unauthorised digital machine (VM) working on the corporate’s community. The identical VM was additionally discovered to have executed numerous incriminating internet searches within the run-up to the assault, together with:

  • “Easy methods to set area consumer password from command line”
  • “find out how to delete a website <sic> account from the command line”
  • “find out how to remotely shutdown a pc utilizing cmd”
  • “find out how to clear all Home windows logs from command line”
  • “internet consumer syntax change password”

In accordance with court docket paperwork, the VM was accessed by a consumer account and laptop computer assigned to Rhyne. Rhyne’s laptop computer was stated to stop all web looking when web looking was occurring on the VM, suggesting that the identical particular person was utilizing each the VM and Rhyne’s laptop computer.

Prosecutors additionally declare that the corporate’s CCTV and bodily entry logs report when Rhyne bodily entered their headquarters. These data instantly precede Rhyne’s consumer account logging into his laptop computer and, in lots of cases, then accessing the VM.

The costs in opposition to Rhyne embrace extortion, intentional harm to protected computer systems, and wire fraud. If discovered responsible, he faces a possible most jail sentence of 20 years and fines of as much as $750,000.

Leave a Reply

Your email address will not be published. Required fields are marked *