
A former core infrastructure engineer has pleaded guilty to locking Windows admins out of 254 servers as part of a failed extortion plan targeting his employer, an industrial company headquartered in Somerset County, New Jersey.
According to court documents, 57-year-old Daniel Rhyne from Kansas City, Missouri, remotely accessed the company’s network without authorization using an administrator account between November 9 and November 25.
During this time, he allegedly scheduled tasks on the company’s Windows domain controller to delete network admin accounts and to change the passwords for 13 domain admin accounts and 301 domain user accounts to “TheFr0zenCrew!”.
The prosecutors also accused Rhyne of scheduling tasks to change the passwords for 2 local admin accounts, which would affect 3,284 workstations, and for 2 more local admin accounts, which would affect 254 servers on his employer’s network. He also scheduled tasks to shut down random servers and workstations on the network over multiple days in December 2023.
Then, on November 25, Rhyne emailed many of his coworkers a ransom email titled “Your Network Has Been Penetrated,” claiming that all IT administrators had been locked out of their accounts and that server backups had been deleted to make data recovery impossible.
Additionally, the emails threatened to shut down 40 random servers daily over the next ten days unless the company paid a ransom of 20 bitcoin (worth roughly $750,000 at the time).
“On or about November 25, 2023, at approximately 4:00 p.m. EST, network administrators employed at Victim-1 began receiving password reset notifications for a Victim-1 domain administrator account, as well as hundreds of Victim-1 user accounts,” the criminal complaint reads.
“Shortly thereafter, the Victim-1 network administrators discovered that all other Victim-1 domain administrator accounts were deleted, thereby denying domain administrator access to Victim-1’s computer networks.”
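The lockout described above (scheduled tasks on the domain controller followed by a burst of admin password resets and account deletions) is the kind of pattern a defender can catch in the Security log before the ransom email arrives. As an added example that is not from the article or the court filing, the following Python detector flags any subject that resets or deletes several domain-admin accounts within a short window and notes whether that subject registered a scheduled task (event 4698) shortly beforehand. The simplified record format, the account names and the `ADMINS` inventory are assumptions.

```python
from datetime import datetime, timedelta

# Windows Security log event IDs (well known):
#   4698 = scheduled task created, 4724 = password reset attempted, 4726 = user account deleted
ACCOUNT_EVENTS = {4724: "password reset", 4726: "account deleted"}

# Constructed sample records in a simplified "time|event_id|subject|target" form (assumption,
# not real log output); names and times are invented to mirror the pattern in the article.
SAMPLE_LOG = [
    "2023-11-25T15:40:00|4698|CORP\\itsvc|\\PasswordRotate",    # task registered on the DC
    "2023-11-25T15:55:00|4624|CORP\\jsmith|CORP\\jsmith",       # ordinary logon, ignored
    "2023-11-25T16:00:05|4724|CORP\\itsvc|CORP\\da-admin1",
    "2023-11-25T16:00:06|4724|CORP\\itsvc|CORP\\da-admin2",
    "2023-11-25T16:00:07|4726|CORP\\itsvc|CORP\\da-admin3",
    "2023-11-25T16:00:08|4724|CORP\\itsvc|CORP\\alice",         # not a domain admin, not counted
    "2023-11-25T17:30:00|4724|CORP\\helpdesk|CORP\\da-admin1",  # one reset: below threshold
]
ADMINS = {"CORP\\da-admin1", "CORP\\da-admin2", "CORP\\da-admin3"}  # assumed admin inventory

def parse(line):
    """Split one record into a dict with a datetime and an integer event ID."""
    time, event_id, subject, target = line.split("|")
    return {"time": datetime.fromisoformat(time), "id": int(event_id),
            "subject": subject, "target": target}

def detect_admin_lockout(lines, admins, window=timedelta(minutes=10), threshold=3):
    """Return one alert per subject that resets or deletes >= threshold admin accounts
    within `window`, noting whether that subject created a scheduled task in the prior day."""
    events = sorted((parse(l) for l in lines), key=lambda e: e["time"])
    per_subject = {}
    for e in events:
        if e["id"] in ACCOUNT_EVENTS and e["target"] in admins:
            per_subject.setdefault(e["subject"], []).append(e)
    alerts = []
    for subject, hits in per_subject.items():
        for i, first in enumerate(hits):
            burst = [h for h in hits[i:] if h["time"] - first["time"] <= window]
            if len(burst) < threshold:
                continue
            task_before = any(x["id"] == 4698 and x["subject"] == subject and
                              timedelta(0) <= first["time"] - x["time"] <= timedelta(days=1)
                              for x in events)
            alerts.append({"subject": subject, "count": len(burst),
                           "accounts": sorted({h["target"] for h in burst}),
                           "actions": sorted({ACCOUNT_EVENTS[h["id"]] for h in burst}),
                           "scheduled_task_before": task_before})
            break  # one alert per subject is enough for triage
    return alerts
```

On the constructed sample this yields a single alert for `CORP\itsvc` covering three admin accounts, with the preceding task registration flagged; the lone helpdesk reset stays below the threshold.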
Forensic investigators found that on November 22, Rhyne used a hidden virtual machine and his account to search the web for information on clearing Windows logs, changing domain user passwords, and deleting domain accounts as he planned his extortion scheme.
One week earlier, Rhyne made similar web searches on his laptop, including “command line to remotely change local administrator password” and “command line to change local administrator password.”
Rhyne was arrested in Missouri on Tuesday, August 27, and released after his initial appearance in federal court. The hacking and extortion charges to which he pleaded guilty carry a maximum penalty of 15 years in prison.
Earlier this month, a North Carolina data analyst contractor was found guilty of extorting his employer, Brightly Software (a Software-as-a-Service company previously known as SchoolDude), for $2.5 million.
