How an IT Employee Impersonates the Ransomware Gang to Extort Employers

Convicted man worked as an IT security analyst at an Oxford based company that suffered a ransomware attack. He impersonated the threat actors to trick his employer into paying him instead of the original external attacker. The plan was to take advantage of the situation and divert the payment to a cryptocurrency wallet under his control. This was unknown to the police, his colleagues and his employer. And he commenced a separate and secondary attack against the company. Although he realized the investigations closed in on him and had wiped all data from his personal devices by the time the team seized his computer, it was still possible to restore incriminating data.