www.malwarebytes.com
2600:9000:223c:6c00:16:26c7:ff80:93a1
Public Scan
URL:
https://www.malwarebytes.com/blog/news/2023/05/employee-pleads-guilty-to-blackmail-and-unauthorized-access-after-5-years
Submission: On May 24 via api from TR — Scanned from DE
Text Content
News | Ransomware

EMPLOYEE GUILTY OF JOINING RANSOMWARE ATTACK ON HIS OWN COMPANY

Posted: May 23, 2023 by Pieter Arntz

An employee who tried to take advantage of a ransomware attack on his own company has pleaded guilty after 5 years of denying he had anything to do with it.

A 28-year-old IT Security Analyst pleaded guilty and will consequently be convicted of blackmail and unauthorized access to a computer with intent to commit other offences.

It all started when the UK gene and cell therapy company Oxford BioMedica fell victim to a cybersecurity incident which involved unauthorized access to part of the company’s computer systems on 27 February, 2018. The intruder notified senior staff members at the company and demanded a ransom.

As an IT Security Analyst at the company, Ashley Liles was tasked with investigating the incident. He worked alongside colleagues and the police in an attempt to mitigate the incident. But at some point he must have decided to use the circumstances to enrich himself.

According to the South East Regional Organised Crime Unit (SEROCU), Liles commenced a separate and secondary attack against the company. As part of his plan he changed the Bitcoin payment address of the attacker to his own in emails to the board members. He also set up an email address very similar to that of the attacker. From that email address he began emailing his employer to pressurize the company to pay the ransom.

Unfortunately for Liles, a payment was never made and the unauthorized access to the private emails was noticed during the investigation. Due to some poor choices when it came to his own security, the police arrested Liles and searched his home. The unauthorized access to the emails could be traced back to his home address, which gave the police sufficient grounds to seize a computer, laptop, phone, and a USB stick. Despite his attempts to wipe the data from his devices, the police were able to recover enough data to act as evidence to prove his crimes and establish his direct involvement.

Liles denied any involvement for five years. But on May 17, 2023 during a hearing at Reading Crown Court, he changed his plea to guilty. The case has now been adjourned for sentencing at the same court on July 11, 2023.

While this definitely qualifies as an insider threat, this one seems to have been opportunistic rather than premeditated. The term is often associated with disgruntled employees, but insiders can also be coerced, or jump on an opportunity that presents itself, as Liles did.

The case emphasizes the need for effective access control policies, even when an emergency presents itself. You do not want to make the scope of the incident worse by giving up your access policies in light of an investigation. Access to resources should always be limited to what is needed to get the job done. And incidental access should be revoked when the need is no longer there.

We’re not saying that every employee should be treated as a suspect or potential insider threat. That will result in an unworkable situation. But you should have measures in place to limit the damage and find any culprit.

HOW TO AVOID RANSOMWARE

* Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
* Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
* Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
* Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
* Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
* Don’t get attacked twice. Once you've isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

Malwarebytes EDR and MDR remove all remnants of ransomware and prevent you from getting reinfected.

ABOUT THE AUTHOR

Pieter Arntz, Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.