A former core infrastructure engineer at an industrial company headquartered in Somerset County, New Jersey, was arrested after locking Windows admins out of 254 servers in a failed extortion plot targeting his employer.
According to court documents, company employees received a ransom email titled “Your Network Has Been Penetrated” on November 25, around 4:44 PM EST. The email claimed that all IT administrators had been locked out of their accounts and that server backups had been deleted to make data recovery impossible.
Moreover, the message threatened to shut down 40 random servers on the company’s network every day over the next ten days unless a ransom of €700,000 (in the form of 20 Bitcoin) was paid—at the time, 20 BTC were worth $750,000.
The investigation coordinated by FBI Special Agent James E. Dennehy in Newark found that 57-year-old Daniel Rhyne from Kansas City, Missouri, who was working as a core infrastructure engineer for the New Jersey industrial company, had remotely accessed the company’s computer systems without authorization using a company administrator account between November 9 and November 25.
He then scheduled tasks on the company’s domain controller to change the passwords for the Administrator account, 13 domain administrator accounts, and 301 domain user accounts to the “TheFr0zenCrew!” text string.
The criminal complaint alleges that Rhyne also scheduled tasks to change the passwords for two local administrator accounts, which would impact 254 servers, and for two more local admin accounts, which would affect 3,284 workstations on his employer’s network. He also scheduled tasks to shut down random servers and workstations over several days in December 2023.
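A defender-side check for the pattern described above, added here as an example and not part of the original report: it walks constructed Windows Security event records (4698 scheduled task created, 4724 password reset attempt, 4726 account deleted; the records and account names are made up, with only the event IDs taken from Windows) and flags a task whose command line resets domain passwords, plus any account that performs a burst of resets or deletions within a short window.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample records (not logs from the case), modelled on Windows
# Security events: 4698 scheduled task created, 4724 password reset attempt,
# 4726 account deleted. "subject" is the account that performed the action.
def build_sample_events():
    base = datetime(2023, 11, 25, 15, 58)
    events = [
        {"time": base, "id": 4698, "subject": "CORP\\svc-infra",
         "task": "\\Maint\\pwrotate",
         "action": "cmd.exe /c net user Administrator NewPass123 /domain"},
        {"time": base, "id": 4698, "subject": "CORP\\backup",
         "task": "\\Backup\\nightly", "action": "backup.exe --full"},
    ]
    # twelve resets by one account inside two minutes, then two account deletions
    for i in range(12):
        events.append({"time": base + timedelta(seconds=120 + 10 * i), "id": 4724,
                       "subject": "CORP\\svc-infra", "target": f"user{i:03}"})
    for i in range(2):
        events.append({"time": base + timedelta(seconds=300 + i), "id": 4726,
                       "subject": "CORP\\svc-infra", "target": f"da-{i}"})
    # ordinary helpdesk activity: two resets an hour apart, should not alert
    for i in range(2):
        events.append({"time": base + timedelta(hours=i), "id": 4724,
                       "subject": "CORP\\helpdesk", "target": f"emp{i}"})
    return events

# Command-line fragments that reset or delete accounts (hypothetical watchlist).
TASK_MARKERS = ("net user", "set-adaccountpassword", "remove-aduser", "/delete")
def suspicious_tasks(events):
    """Names of created tasks whose command line resets or deletes accounts."""
    return [e["task"] for e in events
            if e["id"] == 4698 and any(m in e["action"].lower() for m in TASK_MARKERS)]

def reset_bursts(events, threshold=10, window=timedelta(minutes=5)):
    """Map subject -> peak number of resets/deletions it performed inside one window."""
    by_subject = defaultdict(list)
    for e in events:
        if e["id"] in (4724, 4726):
            by_subject[e["subject"]].append(e["time"])
    peaks = {}
    for subject, times in by_subject.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            count = end - start + 1
            if count >= threshold:
                peaks[subject] = max(peaks.get(subject, 0), count)
    return peaks
```

On the sample data the task `\Maint\pwrotate` is flagged and `CORP\svc-infra` peaks at 14 reset/delete events inside five minutes, while the helpdesk account stays below the threshold.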
Uncovered by incriminating web searches
The investigators also found during forensic analysis that, while planning his extortion plot, Rhyne allegedly used a hidden virtual machine, accessed through his account and laptop, to search the web on November 22 for information on how to delete domain accounts, clear Windows logs, and change domain user passwords using the command line.
On November 15, Rhyne also made similar web searches on his laptop, including “command line to change local administrator password” and “command line to remotely change local administrator password.”
“By changing administrator and user passwords and shutting down Victim-1’s servers, the scheduled tasks were collectively designed and intended to deny Victim-1 access to its systems and data,” the criminal complaint reads.
“On or about November 25, 2023, at approximately 4:00 p.m. EST, network administrators employed at Victim-1 began receiving password reset notifications for a Victim-1 domain administrator account, as well as hundreds of Victim-1 user accounts. Shortly thereafter, the Victim-1 network administrators discovered that all other Victim-1 domain administrator accounts were deleted, thereby denying domain administrator access to Victim-1’s computer networks.”
Rhyne was arrested in Missouri on Tuesday, August 27, and was released after his initial appearance in the Kansas City federal court. The extortion, intentional computer damage, and wire fraud charges carry a maximum penalty of 35 years in prison and a $750,000 fine.