Could an ex-employee be planting ransomware on your firm’s network?

Graham Cluley
@gcluley

Countless times I’ve underlined the need to reset passwords and revoke access rights when a worker leaves your company.

Former employees have been accused of stealing sensitive data, planting harmful code, and even – in the case of one ex-Yahooer – raiding accounts of users, foraging for nude photos and videos.

Now there are allegations that disgruntled ex-employees who have not have had their network access revoked might even be prepared to plant ransomware.

33-year-old Yigit Ali Ercan, of Philadelphia, Pennsylvania, has been arrested after allegedly hacking into his former employer’s computer system.

According to reports, an unnamed company in Westport, Connecticut, contacted police in September 2020 after its computer systems were hacked and changes made to its website.

The next day, the company is alleged to have fallen victim to a ransomware attack that left it unable to access its files unless a ransom was paid.

Ercan’s LinkedIn profile suggests he was the head of operations at Westport-based Stamford Metal Group until September 2020, where he “presided over strategy, legal, finance, marketing, IT, HR and concept development functions.”

Sign up to our newsletter
Security news, advice, and tips.

Ercan, who has denied altering the company’s website, and planting any ransomware, has been released after posting a US $75,000 bond.

It remains to be seen what the outcome of Ercan’s case is, of course. And we have to assume his innocence unless he is proven guilty.

But as more and more companies struggle during the pandemic and make the difficult decision to let go of staff, there is more need than ever to ensure that proper steps are taken to prevent the possibility of former workers accessing systems to which they should no longer have access.

Because they might not just be stealing data. They could also be planting malware.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.