An attempt to defraud a pharmaceutical company in the form of an insider threat has led to a conviction, some five years after the attempt an extortion happened. The employee in question was Ashley Liles, aged 28, of Hertfordshire, in the U.K. At the time, Liles was employed with Oxford Biomedica, a gene therapy firm.
The attempt to defraud came from an IT security analyst who undertook what is described as an “opportunistic ransomware attack”. This was intended to impersonate a coincidental external attack. Lies was employed at the firm when its systems were attacked and encrypted by an undisclosed ransomware operator on 27 February 2018.
Liles was tasked with incident response and to mitigate the impact of the ransomware. At the same time, Lies began a separate, secondary attack against his company’s systems. Liles altered the original ransom demand and change the payment address of the bitcoin wallet to which the ransomware gang was demanding payment. In all, Liles was seeking £300,000 in Bitcoin.
Liles was also accused of sending threatening emails to his employer as part of his scheme to get the firm to pay the ransom. These were written in the style that ransomware gangs use.
In the event, Oxford Biomedica elected not to pay the ransom and was able to recover its data.
Liles subsequent left the firm and went to work at another pharmaceutical company a few miles away, under the pretence he was an ‘expert’ in laboratory information systems. Here he spent most of his tenure on sick leave and the project did not advance. Pending sentencing, he still employed by the pharma firm.
The incident may have been written off as simply a ransomware attack by a criminal entity operating in a rogue state. However, in order to send his ransom notes, Liles had accessed files containing the personal emails of the company’s board members. However, the unauthorised fiddling in the company email system showed up in the system logs.
This was reported to police officers from the Southeast Regional Organised Crime Unit’s (SEROCU’s) Cyber Crime Unit, who were seeking to identify the source of the attack. The investigators were then able to identify the point of origin.
Tracing the origin to Liles’ home, a police search identified sufficient information from Liles’ computer to bring a case.
The employee been convicted of blackmail and unauthorised access to a computer with intent to commit other offences. He awaits sentencing.
Detective inspector Rob Bryant of SEROCU is quoted by Computer Weekly saying: “I would like to thank the company and their employees for their support and cooperation during this investigation. I hope this sends a clear message to anyone considering committing this type of crime. We have a team of cyber experts who will always carry out a thorough investigation to catch those responsible and ensure they are brought to justice.”
