The chief engineer of a New Jersey-based company, Daniel Raine, launched a cyberattack on his own employer in an attempt to demand a $750,000 ransom in cryptocurrency.
Daniel Reine, worked for an American industrial company providing services in a variety of industries, including electronics, biopharmaceuticals, and the food industry. Using his position as a core infrastructure engineer, Raine created a virtual machine (VM) on the company’s network that gave him access to the corporate online space with elevated privileges.
On November 25, 2023, company employees began receiving strange messages initiating a password reset from the company’s domain administrator. On the same day, colleagues and managers received an email from an external address informing them that the company had been hacked. The letter stated that all of the company’s IT administrators had been locked out or removed from the computer network, all backups had been deleted, and an additional 40 random servers would be shut down for 10 days if the ransom was not paid. The ransom demand was €700,000 in Bitcoin, which at the time corresponded to approximately $750,000.
Law enforcement agencies identified Raine as the person who sent the ransom note and is suspected of criminal activity on the company’s network. An internal company investigation revealed unauthorized access to the domain administrator account from a hidden VM created by Raine. This virtual machine was used to infiltrate the company’s system multiple times between November 10 and 25, 2023. Further evidence suggests that searches made on Raine’s computer matched those used on the hidden VM.
Daniel Reine, abusing his position in the company, attempted blackmail using his knowledge of the firm’s network infrastructure. His actions caused serious consequences for the company and revealed weaknesses in its cyber security.