Former Employee Arrested for Attempted Data Extortion Against Missouri Company
A 57-year-old man from Missouri has been apprehended following an unsuccessful attempt to extort his previous employer. Daniel Rhyne, a former core infrastructure engineer based in Kansas City, has been charged with extortion and related offenses in connection with a scheme targeting a prominent industrial firm located in Somerset County, New Jersey, where he had been employed. His arrest occurred on August 27, 2024.
Court documents reveal that employees at the targeted company received a threatening email claiming that all IT administrators had been locked out of the network. The email threatened the deletion of data backups and warned that 40 servers would be disabled each day over the subsequent ten days unless a ransom of 20 bitcoin—valued at approximately $750,000—was paid. In MITRE ATT&CK terms, the threats point to adversary tactics involving initial access and denial of service.
According to the U.S. Department of Justice (DoJ), Rhyne unlawfully accessed the company’s computer systems by exploiting a company administrator account. He allegedly executed several unauthorized tasks on the network, including changing passwords and planning server shutdowns. The investigation revealed that he controlled the email address used to disseminate the extortion threats sent on November 25. This conduct corresponds to the persistence and privilege escalation techniques described in the MITRE ATT&CK framework.
Prosecutors noted that Rhyne employed Windows’ command line tools, specifically the net user command and PsPasswd from Sysinternals, to alter both domain and local administrator accounts, effectively locking out legitimate users from their administrative privileges. Additionally, he used a hidden virtual machine to execute these actions remotely, which not only implicated his company-issued laptop but also showed effort in obscuring his digital footprint.
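One way to detect the lockout technique described above, as an added example that is not taken from the court documents or the DoJ: it parses process-creation command lines for password-setting uses of net user and PsPasswd and flags any user who issues several within a short window. The event fields, the sample records, and the threshold of three changes in ten minutes are assumptions.

```python
import re
import shlex
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed process-creation records (the fields Security event 4688 or
# Sysmon event 1 would supply); every host, user and password is invented.
SAMPLE_EVENTS = [
    {"time": "2024-01-08T08:00:05", "user": r"CORP\jdoe", "cmd": "net user jdoe /domain"},
    {"time": "2024-01-08T09:15:00", "user": r"CORP\helpdesk1", "cmd": "net user bwhite Welc0me-1 /domain"},
    {"time": "2024-01-08T16:40:10", "user": r"CORP\adm-svc", "cmd": "net user Administrator Zx9!temp /domain"},
    {"time": "2024-01-08T16:41:02", "user": r"CORP\adm-svc", "cmd": "net.exe user da-smith Zx9!temp /domain"},
    {"time": "2024-01-08T16:43:30", "user": r"CORP\adm-svc", "cmd": r"C:\Tools\PsPasswd64.exe \\FS01 Administrator Zx9!temp"},
]

def password_change_target(cmd):
    """Return the account whose password the command line sets, else None."""
    tokens = [t.strip('"') for t in shlex.split(cmd, posix=False)] or [""]
    tool = re.split(r"[\\/]", tokens[0])[-1].lower().removesuffix(".exe")
    args = tokens[1:]
    if tool in ("net", "net1") and args and args[0].lower() == "user":
        names = [a for a in args[1:] if not a.startswith("/")]
        switches = {a.lower() for a in args if a.startswith("/")}
        # "net user <name> <password|*>" sets a password; a lone name only displays
        if len(names) >= 2 and not switches & {"/add", "/delete"}:
            return names[0]
    elif tool in ("pspasswd", "pspasswd64"):
        # skip \\computer, @file, switches and the values that follow -u / -p
        names = [a for prev, a in zip([""] + args, args)
                 if not a.startswith(("\\\\", "@", "-")) and prev.lower() not in ("-u", "-p")]
        return names[0] if names else None
    return None

def find_lockout_bursts(events, min_changes=3, window=timedelta(minutes=10)):
    """Flag users who set passwords min_changes or more times inside one window."""
    hits = defaultdict(list)
    for e in events:
        target = password_change_target(e["cmd"])
        if target:
            hits[e["user"]].append((datetime.fromisoformat(e["time"]), target.lower()))
    alerts = []
    for user, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            burst = [acct for t, acct in seen[i:] if t - start <= window]
            if len(burst) >= min_changes:
                alerts.append((user, len(burst), sorted(set(burst))))
                break
    return alerts
```

Run against the constructed records, the single helpdesk reset stays below the threshold while the three changes made by one account in under four minutes are reported together.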
This incident underscores the increasing risks posed by insider threats and the sophistication with which malicious actors can attempt to exploit their knowledge of corporate environments. As cybersecurity remains a pressing concern for organizations, this case highlights the urgent need for businesses to implement robust security measures and employee monitoring systems to mitigate the risk of internal breaches.
Following his arrest, Rhyne made his initial court appearance and faces severe consequences, with potential penalties including up to 35 years in prison and fines amounting to $750,000 across the charges laid against him. The prosecution’s focus on the methodologies employed by Rhyne serves as a crucial reminder for companies to fortify their defenses against both external and internal cyber threats.
As companies increasingly navigate complex digital landscapes, understanding incidents like this one helps illustrate the ever-evolving nature of threats and the necessity of staying informed about cybersecurity best practices. Continued vigilance and proactive security strategies will be essential in protecting sensitive corporate data from similar attempts in the future.