Ashley Liles a 28-year-old former IT employee received a prison sentence of more than three years for attempting to extort his former employer during a ransomware attack.
During his time as an IT security analyst at an Oxford-based company, Liles exploited his position to intercept the ransomware payment the company was handling after falling victim to an attack.
To execute his deceitful plan, he assumed the identity of the ransomware gang responsible for the attack and cleverly tried to reroute the ransom payments. Liles personally switched the cybercriminals’ cryptocurrency wallet with one under his control, attempting to deceive the company and profit from the extortion scheme.
As per the official press release by the South East Regional Organised Crime Unit (SEROCU), Ashley Liles initiated a separate and secondary attack against the company without the knowledge of the police, his colleagues, and his employer.
During this attack, he illicitly accessed a board member’s private emails on more than 300 occasions. Additionally, Liles actively tampered with the original blackmail email and modified the payment address provided by the initial attacker.
Furthermore, he took the initiative to create an email address strikingly similar to the one used by the attackers. Through this deceptive email address, he applied additional pressure on his employer, ensuring that the ransomware gang’s demands would be met and the ransom would get paid.
SENTENCED
— SEROCU (@SouthEastROCU) July 11, 2023
Ashley Liles has been jailed for 3 years & 7 months after trying to extort money from the company he worked for.
He changed the email address and bank details of an email the company received from a hacker to try and get them to send money to him.
1/2 pic.twitter.com/66VHSjbJmu
The company refused to comply with the attackers’ demands, and during that period, internal investigations revealed Liles’ unauthorized access to confidential emails through his home Internet connection. Upon learning about the ongoing investigations, Liles attempted to cover his tracks by wiping data from his personal devices.
However, SEROCU’s cybercrime team seized his computer and successfully recovered incriminating evidence. Initially, Liles vehemently denied any involvement, but he eventually pleaded guilty during a recent court hearing at Reading Crown Court, five years later. As a result, the court sentenced Liles to three years and seven months in prison for “blackmail and unauthorized access to a computer with intent to commit other offenses.” According to UK legislation, unlawful computer entry can result in a prison term of up to two years, while blackmail is punishable by a maximum sentence of 14 years.
Related stories:
