Could an ex-employee be planting ransomware on your firm’s network?

Graham Cluley
Graham Cluley
@[email protected]

Could an ex-employee be planting ransomware on your firm's network?

Countless times I’ve underlined the need to reset passwords and revoke access rights when a worker leaves your company.

Former employees have been accused of stealing sensitive data, planting harmful code, and even – in the case of one ex-Yahooer – raiding accounts of users, foraging for nude photos and videos.

Now there are allegations that disgruntled ex-employees who have not have had their network access revoked might even be prepared to plant ransomware.

Yigit Ali Ercan33-year-old Yigit Ali Ercan, of Philadelphia, Pennsylvania, has been arrested after allegedly hacking into his former employer’s computer system.

According to reports, an unnamed company in Westport, Connecticut, contacted police in September 2020 after its computer systems were hacked and changes made to its website.

The next day, the company is alleged to have fallen victim to a ransomware attack that left it unable to access its files unless a ransom was paid.

Ercan’s LinkedIn profile suggests he was the head of operations at Westport-based Stamford Metal Group until September 2020, where he “presided over strategy, legal, finance, marketing, IT, HR and concept development functions.”

Sign up to our free newsletter.
Security news, advice, and tips.

Ercan, who has denied altering the company’s website, and planting any ransomware, has been released after posting a US $75,000 bond.

It remains to be seen what the outcome of Ercan’s case is, of course. And we have to assume his innocence unless he is proven guilty.

But as more and more companies struggle during the pandemic and make the difficult decision to let go of staff, there is more need than ever to ensure that proper steps are taken to prevent the possibility of former workers accessing systems to which they should no longer have access.

Because they might not just be stealing data. They could also be planting malware.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.