November 22, 2024
Ex-Engineer Charged in Missouri for Failed 0,000 Bitcoin Extortion Attempt
A 57-year-old man from the U.S. state of Missouri has been arrested in connection with a failed data extortion campaign that targeted his former employer. Daniel Rhyne of Kansas City, Missouri, has been charged with one count of extortion in relation to a threat to cause damage to a protected computer, one count of intentional damage to a protected computer, and one count of wire fraud. He was

Sep 03, 2024Ravie LakshmananInsider Threat / Network Security

A 57-year-old man from the U.S. state of Missouri has been arrested in connection with a failed data extortion campaign that targeted his former employer.

Daniel Rhyne of Kansas City, Missouri, has been charged with one count of extortion in relation to a threat to cause damage to a protected computer, one count of intentional damage to a protected computer, and one count of wire fraud.

He was arrested in the state on August 27, 2024, following an attempt to extort an unnamed industrial company that’s headquartered in Somerset County, New Jersey, where he was employed as a core infrastructure engineer.

Per court documents, some employees of the company are said to have received an extortion email that warned all of its IT administrators had been locked out or removed from the network, data backups had been deleted, and an additional 40 servers would be shut down each day over the next 10 days if a ransom of 20 bitcoin, then valued at $750,000, wasn’t paid.

“The investigation revealed that Rhyne gained unauthorized access to the company’s computer systems by remotely accessing the company administrator account,” the U.S. Department of Justice (DoJ) said.

“Rhyne then, without authorization, scheduled several computer tasks to be carried out on the network, including changing the company administrator passwords and shutting down its servers. Rhyne controlled the email address used to send the November 25 extortion email to the company’s employees.”

Rhyne is believed to have used Windows’ net user and Sysinternals Utilities’ PsPasswd tool to modify the domain and local administrator accounts and change the passwords to “TheFr0zenCrew!,” prosecutors claimed in court documents.

Authorities said the defendant allegedly used a hidden virtual machine to remotely access an admin account that was not only traced back to his company-issued laptop, but also to search the web for details on how to use the command-line to change the local administrator password and clear Windows logs.

Rhyne, who made his initial appearance on the same day of his arrest, faces a maximum penalty of 35 years in prison and a $750,000 fine for all three charges.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.