IT Employee Goes to Prison for Attempting to Redirect Ransomware Payment to His Own Wallet

An IT employee who tried to extort money from his employers has been sentenced to three years and seven months in prison.

In 2018, Ashley Liles, of Fleetwood, Letchworth Garden City, Hertfordshire, used his position as an IT Security Analyst to exploit a ransomware attack unfolding within the Oxford-based company he worked for.

Liles, now 28, hacked into the emails of his senior board member to edit the hackers’ message, replacing the payment details with his own, hoping that any payment would be directed straight to his own wallet.

During this time, Liles lent his IT expertise as the police investigated the incident, according to a press release issued by South East Regional Organised Crime Unit (SEROCU).

He impersonated the attackers again, sending another email to his employers, again containing his own payment details, and pressuring the company to pay ransom.

But the plan didn’t pan out. His employers refused to negotiate with the attackers, so no ransom was ever paid.

Then, in an ironic twist, the police – whom he willingly assisted with the investigation – discovered that someone had edited the hackers' emails. Soon after, they identified that the unauthorized access had occurred from Liles’ home address.

“Just days before his arrest, Liles had wiped the data from his devices,” according to SEROCU. “However officers were able to recover this information and provide evidence of what he had done.”

Liles pleaded guilty to the offense on May 17 this year.

On July 11, tThe Reading Crown Court sentenced Liles to three years and seven months for blackmail and unauthorized access to a computer with intent to commit other offenses.