Ex-Employee Arrested for Locking Admins out of Servers
A former core infrastructure engineer for a New Jersey industrial company was arrested after locking administrators out of 254 servers in an extortion attempt. Daniel Rhyne, 57, allegedly accessed the company’s systems without authorization and sent a ransom demand of €700,000 (around $750,000) in Bitcoin, threatening to shut down 40 random servers daily if his demands weren't met. The attack began on November 25, 2023, with a ransom email titled “Your Network Has Been Penetrated,” claiming that administrator accounts were locked and backups were deleted.
Rhyne, working remotely from Kansas City, Missouri, used a company administrator account to access the systems between November 9 and 25. He scheduled tasks to change passwords for domain and user accounts to block access for administrators and cripple the company’s network. The criminal complaint details how he targeted 254 servers and over 3,000 workstations by altering passwords and planning shutdowns over several days. His actions aimed to deny the company access to critical systems and data.
The FBI investigation uncovered evidence of Rhyne’s activities, including incriminating web searches made on his hidden virtual machine. He researched methods to delete domain accounts, change administrator passwords, and clear Windows logs. Rhyne's scheme was exposed when network administrators received password reset notifications and realized that all other domain administrator accounts had been deleted, locking them out of the network.
Rhyne was arrested in Missouri in August 2024 and faces charges of extortion, intentional computer damage, and wire fraud, carrying a potential sentence of 35 years in prison and a $750,000 fine. This incident underscores the growing threat of insider attacks.
Apexity can help organizations mitigate these risks by implementing advanced security protocols, employee access controls, and implementing real-time monitoring to safeguard business systems from internal and external threats.
