www.malwarebytes.com
2600:9000:223c:6c00:16:26c7:ff80:93a1  Public Scan

URL: https://www.malwarebytes.com/blog/news/2023/05/employee-pleads-guilty-to-blackmail-and-unauthorized-access-after-5-years
Submission: On May 24 via api from TR — Scanned from DE

Form analysis 2 forms found in the DOM

GET

<form id="search-form" onsubmit="submitSearchBlog(event)" method="get">
  <div class="searchbar-wrap-rightrail">
    <label for="cta-labs-rightrail-search-submit-en" aria-label="cta-labs-rightrail-search-submit-en" aria-labelledby="cta-labs-rightrail-search-submit-en">
      <input type="text" id="st-search-input-rightrail" class="st-search-input-rightrail" placeholder="Search Labs">
    </label>
    <button type="submit" id="cta-labs-rightrail-search-submit-en" aria-label="Submit your search query">
      <svg class="svg-icon svg-stroke-mwb-blue svg-search">
        <use href="/images/component-project/templates/blog/blog-svg.svg#svg-search"></use>
      </svg>
    </button>
  </div>
</form>

/newsletter/

<form class="newsletter-form form-inline" action="/newsletter/">
  <div class="email-input">
    <label for="cta-footer-newsletter-input-email-en" aria-label="cta-footer-newsletter-input-email-en" aria-labelledby="cta-footer-newsletter-input-email-en">
      <input type="text" class="email-input-field" id="cta-footer-newsletter-input-email-en" name="email" placeholder="Email Address">
    </label>
    <input name="source" type="hidden" value="">
    <input type="submit" class="submit-bttn" id="cta-footer-newsletter-subscribe-email-en" value="">
  </div>
</form>

Text Content

       


News | Ransomware


EMPLOYEE GUILTY OF JOINING RANSOMWARE ATTACK ON HIS OWN COMPANY

Posted: May 23, 2023 by Pieter Arntz

An employee who tried to take advantage of a ransomware attack on his own
company has pleaded guilty after 5 years of denying he had anything to do with
it.

A 28-year-old IT Security Analyst pleaded guilty and will consequently be
convicted of blackmail and unauthorized access to a computer with intent to
commit other offences.

It all started when the UK gene and cell therapy company Oxford BioMedica fell
victim to a cybersecurity incident which involved unauthorized access to part of
the company’s computer systems on 27 February, 2018. The intruder notified
senior staff members at the company and demanded a ransom. As an IT Security
Analyst at the company, Ashley Liles was tasked with investigating the incident.

He worked alongside colleagues and the police in an attempt to mitigate the
incident. But at some point he must have decided to use the circumstances to
enrich himself. According to the South East Regional Organised Crime Unit
(SEROCU), Liles commenced a separate and secondary attack against the company.

As part of his plan, he changed the attacker's Bitcoin payment address to his
own in emails to the board members. He also set up an email address very
similar to that of the attacker and, from that address, began emailing his
employer to pressure the company into paying the ransom.

Unfortunately for Liles, a payment was never made and the unauthorized access to
the private emails was noticed during the investigation. Some poor choices when
it came to his own security led the police to arrest Liles and search his home.

The unauthorized access to the emails could be traced back to his home address,
which gave the police sufficient grounds to seize a computer, laptop, phone, and
a USB stick. Despite his attempts to wipe the data from his devices, the police
were able to recover enough data to act as evidence to prove his crimes and
establish his direct involvement.

Liles denied any involvement for five years. But on May 17, 2023, during a
hearing at Reading Crown Court, he changed his plea to guilty. The case has now
been adjourned for sentencing at the same court on July 11, 2023.

While this definitely qualifies as an insider threat, this one seems to have
been opportunistic rather than premeditated. The term is often associated with
disgruntled employees, but insiders can also be coerced, or jump on an
opportunity that presents itself, as Liles did. The case emphasizes the need for
effective access control policies, even when an emergency presents itself. You
do not want to make the scope of the incident worse by giving up your access
policies in light of an investigation.

Access to resources should always be limited to what is needed to get the job
done. And incidental access should be revoked when the need is no longer there.
We’re not saying that every employee should be treated as a suspect or potential
insider threat. That will result in an unworkable situation. But you should have
measures in place to limit the damage and find any culprit.


HOW TO AVOID RANSOMWARE

 * Block common forms of entry. Create a plan for patching vulnerabilities in
   internet-facing systems quickly; and disable or harden remote access like RDP
   and VPNs.
 * Prevent intrusions. Stop threats early before they can even infiltrate or
   infect your endpoints. Use endpoint security software that can prevent
   exploits and malware used to deliver ransomware.
 * Detect intrusions. Make it harder for intruders to operate inside your
   organization by segmenting networks and assigning access rights prudently.
   Use EDR or MDR to detect unusual activity before an attack occurs.
 * Stop malicious encryption. Deploy Endpoint Detection and Response software
   like Malwarebytes EDR that uses multiple different detection techniques to
   identify ransomware, and ransomware rollback to restore damaged system files.
 * Create offsite, offline backups. Keep backups offsite and offline, beyond the
   reach of attackers. Test them regularly to make sure you can restore
   essential business functions swiftly.
 * Don’t get attacked twice. Once you've isolated the outbreak and stopped the
   first attack, you must remove every trace of the attackers, their malware,
   their tools, and their methods of entry, to avoid being attacked again.

--------------------------------------------------------------------------------

Malwarebytes EDR and MDR remove all remnants of ransomware and prevent you
from getting reinfected. Want to learn more about how we can help protect your
business? Get a free trial below.


--------------------------------------------------------------------------------

ABOUT THE AUTHOR

Pieter Arntz
Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four
languages. Smells of rich mahogany and leather-bound books.

