Rogue IT security worker who impersonated ransomware gang is sentenced to jail

Rogue IT security worker who impersonated ransomware gang sentenced to jail

A British IT worker who exploited a ransomware attack against the company he worked for, in an attempt to extort money from them for himself, has been sentenced to jail for three years and seven months.

As I previously described on the “Smashing Security” podcast, gene and cell therapy firm Oxford Biomedica suffered a ransomware attack in February 2018.

A hacker accessed Oxford Biomedica’s systems, stole information, and senior members of the company received a ransom demand from the hacker.

Nothing unusual about that.

Oxford Biomedica tasked its IT team to work alongside the police in investigating the attack, determine how it had occurred, and try to plug any remaining security holes to prevent future breaches.

Again, so far so normal.

But what was decidedly unusual was that one of its staff assigned to investigate the ransomware attack decided to actually exploit the situation, and trick his employer into giving him the ransom money instead of the genuine hackers.

Ashley Liles accessed the email account of an Oxford Biomedica board member, and changed the original ransom demand to direct that the money should be paid to a Bitcoin wallet under his own control, rather than that of the hackers.

This meant that if the company did ultimately decide to pay the ransom, it would end up with Liles rather than the (presumably less than happy) hackers who had initiated the attack.

Sign up to our free newsletter.
Security news, advice, and tips.

Liles also created an almost identical email address to that used by the original hacker, and began emailing his employer to pressurise them to pay a ransom worth £300,000.

As part of their investigation, specialist officers from the UK’s SEROCU (the South East Regional Organised Crime Unit’s Cyber Crime Unit) identified that someone had been accessing the board member’s email, and then traced the access back to Liles’ home address.

Yup, it seems that this particular IT security analyst did not properly cover his tracks.

A subsequent search of Liles’s home uncovered computer equipment, a phone, and USB stick. Despite Liles’s attempts to wipe incriminating data from his devices, digital forensic analysts were able to recover enough evidence to prove his involvement in the extortion.

Ashley Liles of Fleetwood, Letchworth Garden City, Hertfordshire, was sentenced yesterday at Reading Crown Court for blackmail and unauthorised access to a computer with intent to commit other offences.

It’s a quite remarkable story. Liles wasn’t connected to the initial ransomware attack, it simply happened on his watch. And then – some would say showing competing amounts of initiative and recklessness – he attempted to hijack the ransomware attack against his own employer to his own benefit.

What a dumb thing to do.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.