A Missouri man has been arrested after law enforcers foiled an attempted data extortion plot against his former employer.
Daniel Rhyne, 57, of Kansas City, Missouri has been charged with one count of extortion, one count of intentional damage to a protected computer and one count of wire fraud, according to the Department of Justice (DoJ).
Described in the criminal complaint as a “core infrastructure engineer” specializing in hosting virtual machines (VMs), Rhyne was arrested on Tuesday following the November 2023 attack against a New Jersey-headquartered industrial company.
The malicious activity is believed to have taken place between November 8 and 25 2023. Rhyne is said to have gained unauthorized access to his former employer’s computer systems by remotely accessing an administrator account.
He then allegedly:
- Changed the company administrator password
- Deleted 13 domain administrator accounts
- Changed passwords to 301 domain user accounts
- Changed passwords to two local admin accounts, locking down 254 servers
- Changed passwords to two local admin accounts, impacting 3284 workstations
- Shut down “several” servers and workstations over a few days in December 2023
Rhyne is said to have sent his former employer a ransom email on November 25, warning that all IT admin accounts had been locked out or deleted, that all backups had been deleted and that “40 random servers would be shut down each day for 10 days” if a ransom of €700,000 ($750,000) in Bitcoin was not transferred by December 2 2023 to a pre-selected BTC address.
Investigators traced the intrusion to a remote desktop session that originated from an unauthorized VM on the victim organization’s network, which was also used to conduct various incriminating web searches in the preparation stage of the extortion plot.
The VM was accessed by the user account and laptop assigned to Rhyne, the court documents claimed.
The extortion charge carries a maximum penalty of five years in prison and a $250,000 fine, while the charge of intentional damage to a protected computer could land Rhyne up to 10 years in prison and a $250,000 fine. The wire fraud offense carries a maximum penalty of 20 years in prison and a $250,000 fine.
Read more on insider threats: Systems Admin Arrested for Hacking Former Employer