The administrator, Tavis Tso, created a web in which he attempted to snare a client in an extortion scam. After lying to the client, claiming that he didn’t have their credentials to login to their GoDaddy domain registrar account, Tso changed the credentials to the GoDaddy accounts and created a separate Microsoft account that gave him considerable power over his target. His first steps were to block employees from accessing their email accounts and to redirect the company’s home page to a blank webpage. Tso then demanded $10,000 from the company to fix the problem that he had caused.
The company did not comply with his demands.
Once it was clear that the company wasn’t going to cooperate with Tso, the cybercriminal upped the ante. Rather than just redirecting the company’s home page to a blank site, Tso redirected all of the website’s traffic to a pornographic website. This redirect took several days to resolve.
Tso was ultimately sentenced to four years of probation, in addition to $9,145 as restitution for a count of wire fraud. While it is nice that a cybercriminal has been brought to justice, the damage done will be hard to undo, as he had considerable access to his company’s systems.
Would your business be able to recover from an incident like this? A good first step is to ensure your recovery is to reconsider the permissions of the users on your network–and more importantly, the permissions of former users. There is no reason to grant access to your IT where it is not needed, and there is no reason to keep an IT resource on your system once they are no longer part of your organization.
Aspire can help you to make these changes, as well as many others that will benefit your IT and your network security. Reach out to us at (469) 7-ASPIRE to start a discussion.