The US New Jersey District Court has arrested a man accused of conducting a ransomware attack on a former employer, highlighting the growing “insider threat” organizations increasingly face from disgruntled or former employees.
Daniel Rhyne, 57, described in court documents as “a core infrastructure engineer,” is alleged to have conducted a $750,000 ransomware attack on a New Jersey-based industrial company. The as-yet-unidentified organization provides services to various industries, including aquaculture, biopharmaceuticals, chemistry, electronics, food and beverage, healthcare, hydrogen mobility, manufacturing and industrial processing, metals, oil and gas, and pulp and paper.
On November 25 last year, the company is alleged to have received an “Extortion Email” demanding that it pay €700,000 [approx. $750,000] in the form of 20 bitcoins (BTC), failing which “40 random servers would be shut down each day for [a period of] 10 days”. The threat actor claimed to have already deleted all the company’s backup files.
Rhyne is alleged to have used “a “virtual machine” [VM]…software that virtually emulates a physical computer” on the company’s network to execute the attack. A VM can perform almost all the same functions as a physical computer, such as maintaining an operating system with applications and programs.
Rhyne had served as a company IT expert
The fact that Rhyne had previously served as the company’s expert on hosting virtual machines means he would have been ideally placed to infiltrate the company’s IT system. This type of threat from former employees and existing but disgruntled staff is distinct from the common insider threat, which is generally perceived as personnel unwittingly opening digital doors to outside threat actors through negligence or ignorance of basic cybersecurity. A dishonest or malevolent employee is capable of causing greater harm and is much harder to guard against.
The New Jersey attack came hard on the heels of news last year that international money transfer company, US-based Western Union, had been obliged to pay a further $40 million on top of a previous $365 million payout to defrauded customers – victims of phishing attacks in which Western Union had already admitted some of its staff were complicit.