IT admin charged with extorting employer by locking down hundreds of workstations

News
By published

Ransomware attackers don't always have to be outsiders

Jump to:

Ransomware threat actors don’t always have to come from outside the victim organization - take Daniel Rhyne, a 57-year-old man from Kansas City, Missouri, who is being charged with locking down, and trying to extort, his own employer.

Allegedly, late last year, Rhyne was working at an industrial company in Somerset County, New Jersey. One day in November, he reset passwords to all network administrator accounts, as well as hundreds of user accounts. He deleted all backups, and locked users out of hundreds of servers, and thousands of workstations. Roughly an hour later, he mailed everyone to notify them of the attack, and to demand a ransom in exchange for re-establishing access.

These claims are being made by the FBI, who investigated the attack, and later charged the man with one count of extortion in relation to a threat to cause damage to a protected computer, one count of intentional damage to a protected computer, and one count of wire fraud.

TheFr0zenCrew!

Cumulatively, should he be convicted on all charges, Rhyne could be facing up to 35 years in jail, and a fine of $500,000, The Register reports.

The FBI shared a few details to back its claims. For example, Rhyne used Windows’ net user and Sysinternals Utilities’ PsPasswd tool to change people’s passwords to “TheFr0zenCrew!”. Furthermore, he kept a hidden virtual machine on his company-issued laptop, which he used to remotely access an admin account. This account had the same password - TheFr0zenCrew!.

Also, he used his company-issued laptop to search for a few damning things, such as "command line to change password," "command line to change local administrator password," and "command line to remotely change local administrator password."

Finally, he was seen coming to work, logging into his laptop, doing the searches, and then looking at company password spreadsheets, while at the same time accessing the hidden VM.

Via The Register

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A group of 7 hackers, 6 slightly blurred in the background and one in the foreground, all wearing black with hoods pulled up over their heads. You cannot see their faces. The hacker in the foreground sits with an open laptop in front of them. The background, behind the hackers, is a Chinese flag
China government-linked hackers caught running a seriously dangerous ransomware scam
Hands typing on a keyboard surrounded by security icons
35 years on: The history and evolution of ransomware
Image of laptop infected with malware
Ransomware criminals are now sending their demands...by snail mail?
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Interlock ransomware attacks highlight need for greater security standards on critical infrastructure
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
AWS S3 feature abused by ransomware hackers to encrypt storage buckets
Concept art representing cybersecurity principles
How to combat exfiltration-based extortion attacks
Latest in Security
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
Latest in News
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 23 (game #385)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 23 (game #651)
Google Pixel 9 Pro Fold main display opened
Apple is rumored to be prioritizing battery life on the foldable iPhone – which could also feature a liquid metal hinge for added durability
Google Pixel 9
The Google Pixel 10 just showed up in Android code – and may come with a useful speed boost
L-mount alliance
Sirui joins L-Mount Alliance to deliver its superb budget lenses for Leica, DJI, Sigma and Panasonic cameras
More about security
Hacker silhouette working on a laptop with North Korean flag on the background

North Korea unveils new military unit targeting AI attacks

Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)

This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Compal Adapt X modular laptop

One of the largest laptop manufacturers releases concept pictures of Adapt X, a modular laptop in the same vein as Framework
See more latest
Most Popular
Compal Adapt X modular laptop
One of the largest laptop manufacturers releases concept pictures of Adapt X, a modular laptop in the same vein as Framework
Anycubic foldable portable 3D printer
Anycubic may launch this gorgeous foldable portable 3D printer any day soon, and I can't wait to try it out
HP Fury G1i 18"
'2-inches gets you 30% more screen': HP is pitching 18-inch laptop as the best new thing in tech
Framework Desktop
Framework's Desktop is selling like hot cakes; Ryzen Max+ 395, Max 383 batches are sold out with next shipment in Q3
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 23 (game #651)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 23 (game #385)
Google Pixel 9 Pro Fold main display opened
Apple is rumored to be prioritizing battery life on the foldable iPhone – which could also feature a liquid metal hinge for added durability
A person using a smartphone with an ecommerce website showing on a laptop.
Consumers are warming up to AI assistants, survey finds - 1/3 of us would allow AI to make purchases
A bloodied Mark staring at an off-screen Helly as Gemma screams at him from behind an exit door in Severance season 2 episode 10
Severance season 3: everything we know so far about the wildly popular Apple TV+ show's next chapter