A press release published by the South East Regional Organised Crime Unit (SEROCU) explains that in February 2018, the convicted man, Ashley Liles, worked as an IT Security Analyst at an Oxford-based company that suffered a ransomware attack.

Like many ransomware attacks, the threat actors contacted the company's executives, demanding a ransom payment.

Due to his role in the company, Liles took part in the internal investigations and incident response effort, which was also supported by other members of the company and the police.

However, during this phase, Liles is said to have attempted to enrich himself from the attack by tricking his employer into paying him a ransom instead of the original external attacker.

"Unknown to the police, his colleagues, and his employer, Liles commenced a separate and secondary attack against the company," reads the SEROCU announcement.

"He accessed a board member's private emails over 300 times as well as altering the original blackmail email and changing the payment address provided by the original attacker."

The plan was to take advantage of the situation and divert the payment to a cryptocurrency wallet under Liles' control, 

"Liles also created an almost identical email address to the original attacker and began emailing his employer to pressurize them to pay the money." explained SEROCU.

However, the company owner wasn't interested in paying the attackers, and the internal investigations that were still underway at the time revealed Liles' unauthorized access to private emails, pointing to his home's IP address.

The rogue employee will return to court on July 11th, 2023, to hear his sentence.

According to UK law, unauthorized computer access is punishable by up to 2 years in prison, while blackmail carries a maximum imprisonment sentence of 14 years.