- Daniel Rhyne carried out an attack on his former employer’s company infrastructure
- Using an administrator account, he blocked other accounts and servers at the company
- He demanded 20 Bitcoins to stop the attack
- The attacker was caught and is now awaiting trial
A 57-year-old man from Missouri was arrested for attempting to extort and threatening to damage the infrastructure of his former employer’s company.
He demanded 20 Bitcoins to stop an attack during which he accessed the system as an administrator with privileged rights and performed account and server lockdowns and data corruption.
Features of the Bitcoin Extortion Missouri Case
Daniel Rhyne from Kansas City, Missouri, was charged with threats to cause damage to a protected computer, one count of intentional damage to a protected computer, and one count of wire fraud.
The case does not disclose the name of the company, headquartered in Somerset County, New Jersey, but it is known that Daniel Rhyne worked there as a core infrastructure engineer, which gave him a good idea of the company infrastructure and how to exploit it.
He was arrested on August 27, 2024. For now he is only facing charges, but the expected punishment is 35 years in prison and a $750,000 fine.
Technical Features of the Bitcoin Extortion Missouri Attack
According to court documents, the company's employees received emails containing a series of threats, among them:
- All of its IT administrators were blocked or removed from the network
- Data backups will be deleted and 40 servers will be shut down every day for the next 10 days.
- To prevent this, the attacker demanded 20 Bitcoins
To do this, the attacker remotely accessed the network administrator’s account with elevated privileges, changed the other accounts’ passwords so that no one could log in and fix the problem, and then created a series of sleeper commands that he used to carry out the previously announced threats.
“Rhyne controlled the email address used to send the November 25 extortion email to the company’s employees. Rhyne is believed to have used Windows’ net user and Sysinternals Utilities’ PsPasswd tool to modify the domain and local administrator accounts and change the passwords to ‘TheFr0zenCrew!’,” the U.S. Department of Justice (DoJ) said.
His big mistake, however, was using the laptop the company gave him and, furthermore, using it to search for the information he needed to carry out the attack, completely compromising himself.
The DoJ claims it discovered a hidden virtual machine used for dedicated access to the admin account, and the attacker was immediately identified, with all evidence found on the laptop.
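The following is an added example, not taken from the court documents or from this article: a Python sketch of detection logic for the activity described above, flagging one account that resets many other accounts' passwords in a short window and process command lines that invoke net user or PsPasswd with a new password. The events, account names, host names and thresholds are constructed; 4724 and 4688 are the standard Windows Security log event IDs for a password reset attempt and process creation.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the case). 4724 = password reset attempt,
# 4688 = process created (requires command-line auditing to be enabled).
EVENTS = [
    {"time": "2024-01-01T09:12:00", "id": 4724, "subject": "helpdesk1", "target": "jdoe"},
    {"time": "2024-01-01T16:00:05", "id": 4724, "subject": "svc-admin", "target": "admin01"},
    {"time": "2024-01-01T16:00:09", "id": 4724, "subject": "svc-admin", "target": "admin02"},
    {"time": "2024-01-01T16:00:14", "id": 4724, "subject": "svc-admin", "target": "admin03"},
    {"time": "2024-01-01T16:00:04", "id": 4688, "cmdline": "net user admin01 <new-password> /domain"},
    {"time": "2024-01-01T16:01:30", "id": 4688, "cmdline": r"pspasswd.exe \\srv01 Administrator <new-password>"},
    {"time": "2024-01-01T10:00:00", "id": 4688, "cmdline": "net user /domain"},  # listing only
]

# Heuristic: "net user <name> <something>" or any PsPasswd run. It will also
# match "net user <name> /add", so treat hits as leads, not verdicts.
TOOL_RE = re.compile(r"\bnet1?(\.exe)?\s+user\s+\S+\s+\S+|\bpspasswd(64)?(\.exe)?\b", re.I)


def bulk_resets(events, threshold=3, window=timedelta(minutes=10)):
    """Return {subject: [targets]} for accounts that reset the passwords of at
    least `threshold` distinct other accounts within `window`."""
    by_subject = defaultdict(list)
    for e in events:
        if e["id"] == 4724 and e["subject"] != e["target"]:
            by_subject[e["subject"]].append((datetime.fromisoformat(e["time"]), e["target"]))
    hits = {}
    for subject, resets in by_subject.items():
        resets.sort()
        for i, (start, _) in enumerate(resets):
            targets = {t for ts, t in resets[i:] if ts - start <= window}
            if len(targets) >= threshold:
                hits[subject] = sorted(targets)
                break
    return hits


def tool_invocations(events):
    """Return 4688 command lines that look like password changes via net user or PsPasswd."""
    return [e["cmdline"] for e in events
            if e["id"] == 4688 and TOOL_RE.search(e.get("cmdline", ""))]


if __name__ == "__main__":
    print("Bulk password resets:", bulk_resets(EVENTS))
    print("Suspicious command lines:", tool_invocations(EVENTS))
```
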
Conclusion
Just recently, we wrote about how cryptocurrency is being misused and becoming the main means of payment for attacks, tools, and other elements of cybercrime.
Of course, this is not the kind of news that crypto enthusiasts would like to see, but it is a reminder once again that crypto's security and anonymity capabilities are a double-edged sword.