Missouri Engineer Faces Charges for $750,000 Bitcoin Extortion Scheme

A man from Missouri, aged 57, has been apprehended for his involvement in a failed scheme to extort data from his former employer. Daniel Rhyne, hailing from Kansas City, faces charges including extortion linked to threatening harm to a protected computer, deliberate harm to a protected computer, and wire fraud.

Rhyne’s arrest on August 27, 2024, followed an extortion attempt aimed at an undisclosed industrial firm based in Somerset County, New Jersey. He previously worked at the company as a core infrastructure engineer. According to legal documents, some employees of the organization received an email demanding a ransom of 20 bitcoins, equivalent to $750,000 at the time. The email threatened to shut down servers daily if the ransom wasn’t paid.

The U.S. Department of Justice disclosed that Rhyne illicitly accessed the company’s computer systems by remotely entering the administrator account. He then executed various unauthorized tasks on the network, such as altering administrator passwords and shutting down servers. Rhyne also managed the email account used to send the extortion email to the company’s staff.

Allegedly, Rhyne utilized Windows’ net user and Sysinternals Utilities’ PsPasswd tool to manipulate domain and local administrator accounts, changing passwords to “TheFr0zenCrew!” as per prosecutors’ claims.

Authorities mentioned that the accused deployed a concealed virtual machine to access an admin account from his company-issued laptop. This activity included searching for information on changing local administrator passwords using the command-line and erasing Windows logs.

Rhyne appeared in court on the day of his arrest. If convicted on all counts, he could face a maximum of 35 years in prison and a fine of $750,000.

In summary, the case underscores the severity of cyber-related crimes and the legal consequences individuals may face for attempting to extort data from organizations. The incident serves as a reminder of the importance of robust cybersecurity measures to safeguard against such malicious activities.