CP
cyberpings
FraudHIGH

Windows Extortion Plot - Engineer Pleads Guilty to Charges

Featured image for Windows Extortion Plot - Engineer Pleads Guilty to Charges
BCBleepingComputer
extortionWindowsDaniel RhyneransomKansas City
🎯

Basically, a former engineer locked his company's servers and demanded money to unlock them.

Quick Summary

A former engineer has pleaded guilty to locking Windows admins out of servers in an extortion scheme. This incident underscores the risks of insider threats. Rhyne's actions could lead to a 15-year prison sentence. Companies must strengthen their cybersecurity measures to prevent similar attacks.

What Happened

A former core infrastructure engineer, Daniel Rhyne, has pleaded guilty to a serious crime involving extortion. Rhyne, who worked for an industrial company in Somerset County, New Jersey, accessed the company's network without permission. Between November 9 and November 25, 2023, he executed a plan that locked out Windows administrators from 254 servers and 3,284 workstations.

How It Works

Rhyne utilized his administrator account to schedule tasks that deleted network admin accounts and changed passwords for numerous accounts. His malicious actions included sending a ransom email titled "Your Network Has Been Penetrated" to his coworkers. In this email, he threatened to shut down 40 random servers daily unless the company paid 20 bitcoin, roughly $750,000 at the time.

Who's Being Targeted

The primary target of Rhyne's extortion plot was his employer, a company operating in the industrial sector. The attack affected all IT administrators, leaving them locked out of their accounts and unable to access critical systems.

Signs of Infection

The incident began with password reset notifications that flooded the inboxes of network administrators. Shortly after, they discovered that all domain administrator accounts had been deleted, effectively paralyzing the company's network access.

How to Protect Yourself

To guard against such insider threats, companies should implement strict access controls and monitor user activity closely. Regular audits of user accounts and permissions can help detect unusual behavior before it escalates into a full-blown attack. Training employees on recognizing potential insider threats is also crucial.

What You Should Do

Organizations must take proactive steps to secure their networks. This includes:

  • Implementing multi-factor authentication to protect admin accounts.
  • Regularly updating and patching systems to close vulnerabilities.
  • Conducting background checks on employees with access to sensitive systems.
  • Creating an incident response plan to quickly address any future threats.

Rhyne's actions serve as a stark reminder of the potential risks posed by insiders. With the growing reliance on technology, organizations must remain vigilant against both external and internal threats.

🔒 Pro insight: This case exemplifies the critical need for robust insider threat programs to mitigate risks from trusted employees.

Original article from

BCBleepingComputer· Sergiu Gatlan
Read Full Article

Share

Related Pings

HIGHFraud

Nigerian Romance Scammer Jailed After Fellow Fraudster Exposed Him

A Nigerian romance scammer has been sentenced to 15 years in prison after being caught by another fraudster. His schemes exploited victims for over $1.5 million. This case underscores the dangers of online scams and the emotional manipulation involved.

Graham Cluley·
CRITICALFraud

North Korean Hackers Drain $285 Million From Drift in Seconds

In a shocking incident, North Korean hackers drained $285 million from the Drift platform in just 10 seconds. This sophisticated attack highlights serious vulnerabilities in DeFi protocols. Drift is now working with security firms to recover the stolen assets.

SecurityWeek·
HIGHFraud

Drift Loses $285 Million in Social Engineering Attack

Drift, a Solana-based decentralized exchange, lost $285 million in a social engineering attack linked to North Korean hackers. This incident highlights the increasing sophistication of crypto theft tactics. Users are urged to monitor their accounts and stay informed about security measures being implemented.

The Hacker News·
HIGHFraud

Drift Protocol - North Korean Hackers Steal $280 Million

North Korean hackers have stolen $280 million from the Drift Protocol by manipulating admin powers. This attack has frozen operations, affecting thousands of traders. Drift is investigating and working to recover the funds.

BleepingComputer·
HIGHFraud

Microsoft Device Code Phishing - EvilTokens Kit Discovered

A global phishing campaign is exploiting Microsoft's device code system using the EvilTokens kit. Organizations are at risk of losing sensitive data as attackers gain access to accounts. Vigilance and security measures are crucial to thwart these threats.

SC Media·
HIGHFraud

Drift Protocol - $285 Million Lost in Major Crypto Heist

Drift Protocol has lost an estimated $285 million in a major crypto heist linked to an exposed private key. All transactions are suspended as investigations proceed. This incident underscores the vulnerabilities in decentralized finance platforms.

SC Media·