Ashley Liles, an IT security analyst, exploited his position at an Oxford-based company to intercept a ransomware payment following a cyberattack.
He masqueraded as the ransomware gang, attempting to redirect the payment by altering their cryptocurrency wallet.
Concurrently, he launched a separate attack, gaining access to private emails, altering the blackmail message, and pressuring the company using a fake email account resembling the attackers.
Despite his efforts, the company refused to comply with the ransom demands. Internal investigations unveiled his unauthorised access. Although Liles initially denied involvement, he ultimately pleaded guilty in court. He received a sentence of three years and seven months for blackmail and unauthorised computer access.
Liles’ case highlights the gravity of insider threats and cybercrimes, where the misuse of privileged access can lead to significant legal and organisational consequences.