VM expert lands in jail for planning cyber extortion in New Jersey!
A New Jersey-based core infrastructure engineer at a US industrial firm was arrested after locking Windows administrators out of 254 servers. He targeted his own employer and, in the process, ended up in prison. Daniel was a specialist in hosting virtual machines (VMs).
It all started when 254 company employees received an email in their inboxes on 25th November at exactly 4:44 PM EST. The email was titled “Your network has been penetrated.” It claimed that the IT administrators could no longer access their accounts and that all of the server backups had been permanently wiped.
The email also claimed that over the next ten days 40 servers would be shut down each day. The sender demanded a ransom of 700,000 Euros, to be paid in bitcoin.
Soon, the FBI entered the scene and started an investigation. On further digging, the authorities learned that the core infrastructure engineer, Daniel Rhyne, was the mastermind. The 57-year-old resident of Kansas City had gained illegitimate access to the company’s computer systems in early November. Daniel then changed the passwords of 301 domain user accounts and 13 domain administrator accounts.
The FBI further found that Daniel had also scheduled tasks to change the passwords of two local administrator accounts, a change intended to affect as many as 254 servers. Daniel then scheduled further tasks so that random servers would be shut down over the following days.
During the forensic analysis, the FBI also found a hidden virtual machine that Daniel accessed on his laptop in order to research the deletion of domain accounts, clearance of Windows logs, and other technical matters. Daniel carried out these web searches on 22nd November 2023, just two days before company employees were affected.
Ever since gaining illegitimate access to the company’s computer systems, Daniel had been educating himself on the “command line to change local administrator passwords” and the “command line to remotely change local administrator passwords.” Daniel carried out all of this research without raising any suspicion. On D-day, employees started receiving notifications requesting a password reset. Soon afterwards, they were locked out of the network.
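The two behaviours described above, a burst of password resets by a single account and scheduled tasks that run password-changing or shutdown tools, are exactly what a defender would want to alert on. The following detection example is added here and is not part of the original article or any FBI material; it runs over constructed, simplified Windows Security-style records (event 4724 for a password reset attempt, 4698 for scheduled task creation), and the log format, account names, task names and thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a simplified "timestamp event_id key=value ..." form,
# modelled on Windows Security events 4724 (password reset attempted) and
# 4698 (scheduled task created). Accounts, tasks and times are invented.
SAMPLE_EVENTS = [
    "2023-11-25T16:40:01 4724 subject=CORP\\ops.admin target=CORP\\user01",
    "2023-11-25T16:40:02 4724 subject=CORP\\ops.admin target=CORP\\user02",
    "2023-11-25T16:40:02 4724 subject=CORP\\ops.admin target=CORP\\user03",
    "2023-11-25T16:40:03 4724 subject=CORP\\ops.admin target=CORP\\da01",
    "2023-11-25T16:40:03 4724 subject=CORP\\ops.admin target=CORP\\da02",
    "2023-11-25T16:41:10 4698 subject=CORP\\ops.admin task=\\Maint\\RotateLocal command=net.exe",
    "2023-11-25T16:41:12 4698 subject=CORP\\ops.admin task=\\Maint\\Night command=shutdown.exe",
    "2023-11-25T17:05:00 4724 subject=CORP\\helpdesk target=CORP\\user09",
    "2023-11-25T17:30:00 4698 subject=CORP\\backup.svc task=\\Backup\\Nightly command=backup.exe",
]

RESET_THRESHOLD = 5             # resets by one subject ...
WINDOW = timedelta(minutes=10)  # ... within this sliding window is abnormal
SUSPECT_COMMANDS = {"net.exe", "shutdown.exe"}  # assumed: tools that change passwords / power off hosts

def parse_event(line):
    """Split one constructed record into a dict with a datetime and int event id."""
    ts, event_id, *fields = line.split()
    rec = {"ts": datetime.fromisoformat(ts), "id": int(event_id)}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec

def find_bulk_resets(lines, threshold=RESET_THRESHOLD, window=WINDOW):
    """Return {subject: peak count} for subjects resetting >= threshold passwords within window."""
    resets = defaultdict(list)
    for rec in map(parse_event, lines):
        if rec["id"] == 4724:
            resets[rec["subject"]].append(rec["ts"])
    flagged = {}
    for subject, times in resets.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[subject] = max(flagged.get(subject, 0), end - start + 1)
    return flagged

def find_suspect_tasks(lines, commands=SUSPECT_COMMANDS):
    """Return (subject, task) pairs for new scheduled tasks whose command is in commands."""
    return [(r["subject"], r["task"]) for r in map(parse_event, lines)
            if r["id"] == 4698 and r.get("command") in commands]
```

In a real deployment the same logic would consume events forwarded from domain controllers and member servers, with a single account resetting domain administrator passwords in bulk treated as a high-severity alert regardless of the account’s own privilege level.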
The FBI arrested Daniel on 27th August 2024 in Missouri. He is facing charges of extortion, wire fraud and intentional computer damage. He will have to pay a fine of $250,000 and spend a whopping 35 years behind bars.
The incident started unfolding back in 2023. It began with the seemingly harmless act of creating a hidden VM, but soon took the shape of a full-fledged ransomware attack. Not only did the attack bring company operations to a sudden halt, it also created a sense of panic and insecurity among all the employees within the organization.
After a thorough investigation, the FBI concluded that Daniel had carried out this ransomware attack after meticulous planning. He leveraged his years of experience as a core infrastructure engineer, and made the most of his knowledge of VMs to research and study the intricacies of the attack. The secret virtual machine allowed Daniel to pry into the company systems without having to seek any official permission.
Daniel first created the VM on 10th November 2023. It served as his digital playground, which he used to prepare the malicious attack on his company.
The FBI’s meticulous investigation uncovered a trail of digital evidence, including web searches, access logs and the hidden VM.
Daniel’s attempt at cyber extortion highlights the staggering risk posed by cybercrime from inside the corporate world. It points to the need for an all-encompassing cybersecurity setup to protect your precious data.
Digitization definitely boosts the overall productivity of any organization. At the same time, every enterprise must work tirelessly to build a cybersecurity mechanism that prevents outsiders, as well as insiders, from penetrating the company’s systems.
Using suitable cybersecurity setups, offering regular training, and conducting surprise checks at regular intervals can effectively prevent such unfortunate cyber incidents.