
Windows Extortion Plot - Engineer Pleads Guilty to Charges

BleepingComputer · Reporting by Sergiu Gatlan
2 sources · Summary by CyberPings Editorial · AI-assisted · Reviewed by Rohit Rana

Basically, a former engineer locked his company's servers and demanded money to unlock them.

Quick Summary

A former engineer, Daniel Rhyne, has pleaded guilty to locking Windows admins out of servers in an extortion scheme. The incident underscores the risk posed by insiders with privileged access. Rhyne's actions could lead to a 15-year prison sentence. Companies must strengthen their cybersecurity measures to prevent similar attacks.

What Happened

A former core infrastructure engineer, Daniel Rhyne, has pleaded guilty to an extortion scheme. Rhyne, who worked for an industrial company in Somerset County, New Jersey, accessed the company's network without authorization. Between November 9 and November 25, 2023, he carried out a plan that locked Windows administrators out of 254 servers and 3,284 workstations.

How It Works

Rhyne used his administrator account to schedule tasks that deleted network admin accounts and changed the passwords of numerous other accounts. He also sent his coworkers a ransom email titled "Your Network Has Been Penetrated", threatening to shut down 40 random servers daily unless the company paid 20 bitcoin, roughly $750,000 at the time.

Who's Being Targeted

The primary target of Rhyne's extortion plot was his employer, a company operating in the industrial sector. The attack affected all IT administrators, leaving them locked out of their accounts and unable to access critical systems.

Signs of Infection

The incident began with password reset notifications that flooded the inboxes of network administrators. Shortly after, they discovered that all domain administrator accounts had been deleted, effectively paralyzing the company's network access.
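The pattern described under "How It Works" and "Signs of Infection" (a privileged account creating scheduled tasks, followed minutes later by a burst of password resets and admin account deletions) is something a SOC can detect from standard Windows Security events. The following detection logic is an added example, not code from the original article or from any of the organizations involved; the event records are constructed samples, and the account names, task name and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Windows Security events (not real logs from the case).
# Event IDs used: 4698 = scheduled task created, 4724 = password reset attempt,
# 4726 = user account deleted. Actor/target names are made up for illustration.
SAMPLE_EVENTS = [
    {"time": "2023-11-25T02:00:00", "id": 4698, "actor": "svc_infra_admin", "target": "\\Maint\\ResetAccts"},
    {"time": "2023-11-25T02:01:00", "id": 4724, "actor": "svc_infra_admin", "target": "da_alice"},
    {"time": "2023-11-25T02:01:05", "id": 4724, "actor": "svc_infra_admin", "target": "da_bob"},
    {"time": "2023-11-25T02:01:10", "id": 4726, "actor": "svc_infra_admin", "target": "da_alice"},
    {"time": "2023-11-25T02:01:12", "id": 4726, "actor": "svc_infra_admin", "target": "da_bob"},
    {"time": "2023-11-25T02:01:15", "id": 4726, "actor": "svc_infra_admin", "target": "da_carol"},
    # Routine helpdesk reset with no preceding scheduled task: should not alert.
    {"time": "2023-11-25T09:15:00", "id": 4724, "actor": "helpdesk1", "target": "user42"},
]

def _ts(ev):
    return datetime.fromisoformat(ev["time"])

def find_mass_account_tampering(events, window=timedelta(minutes=30), threshold=3):
    """Return alerts for actors who created a scheduled task (4698) and then
    reset or deleted at least `threshold` distinct accounts (4724/4726)
    within `window` of that task creation. Events may arrive unsorted."""
    by_actor = defaultdict(list)
    for ev in sorted(events, key=_ts):
        by_actor[ev["actor"]].append(ev)
    alerts = []
    for actor, evs in by_actor.items():
        task_times = [_ts(e) for e in evs if e["id"] == 4698]
        for t0 in task_times:
            touched = {e["target"] for e in evs
                       if e["id"] in (4724, 4726) and t0 <= _ts(e) <= t0 + window}
            if len(touched) >= threshold:
                alerts.append({"actor": actor,
                               "task_created": t0.isoformat(),
                               "accounts": sorted(touched)})
    return alerts

if __name__ == "__main__":
    for alert in find_mass_account_tampering(SAMPLE_EVENTS):
        print(f"ALERT: {alert['actor']} created a task at {alert['task_created']} "
              f"then touched {len(alert['accounts'])} accounts: {alert['accounts']}")
```

In production the same rule would read events from a SIEM rather than an inline list, and the threshold should sit well below the number of domain admin accounts so a single deletion burst is caught before all of them are gone.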

How to Protect Yourself

To guard against such insider threats, companies should implement strict access controls and monitor privileged user activity closely. Regular audits of user accounts and permissions can help detect unusual behavior before it escalates into a full-blown attack. Training employees to recognize potential insider threats is also crucial.

What You Should Do

Organizations must take proactive steps to secure their networks. This includes:

  • Implementing multi-factor authentication to protect admin accounts.
  • Regularly updating and patching systems to close vulnerabilities.
  • Conducting background checks on employees with access to sensitive systems.
  • Creating an incident response plan to quickly address any future threats.

Rhyne's actions serve as a stark reminder of the potential risks posed by insiders. With the growing reliance on technology, organizations must remain vigilant against both external and internal threats.

🔒 Pro insight: This case exemplifies the critical need for robust insider threat programs to mitigate risks from trusted employees.

Original article from BleepingComputer · Sergiu Gatlan

Also covered by CSO Online: "A core infrastructure engineer pleads guilty to federal charges in insider attack"
