Ubiquiti employee jailed for ransomware attack on own company costing $4bn

A cybersecurity professional has been sentenced to six years in prison after using his expertise to disguise himself as an “anonymous hacker,” so he could breach the tech giant he was meant to be guarding and hold it to ransom.

Nickolas Sharp, 37, of Portland, Oregon, pleaded guilty before a federal court in New York in February this year, admitting to extorting former employer Ubiquiti out of some $2 million as well as subsequent actions that ended up costing far more.

In doing so, he led a double life: purporting to repair the breach he himself had created while holding his company to ransom under an alter-ego alias.

“Sharp subsequently re-victimized his employer by causing the publication of misleading news articles as a purported anonymous whistleblower about the company’s handling of the breach that he perpetrated,” said the US Department of Justice (DoJ), announcing the verdict.

This led to the firm he worked for, referred to only as “Company-1” by the DoJ but identified elsewhere as wireless data communication giant Ubiquiti, losing around $4 billion from its market capitalization in 2021 as its shares tumbled on the New York Stock Exchange.

Now based in New York, Ubiquiti was founded in San Jose, California, and has a market capitalization today of around $11 billion, according to Google Finance.

Sharp’s crimes are thought to have begun in December 2020, when he used his access privileges to download gigabytes of sensitive data from Ubiquiti while interviewing for a job with another employer.

To conceal these activities, he doctored log retention policies and other files stored on the company’s systems, in effect damaging them.

Not only that, but in attempting to cover his tracks, he also tried to make it look as though innocent colleagues were to blame for his crimes.

“Sharp modified session file names to attempt to make it appear as if other coworkers were responsible for his malicious sessions,” said the DoJ.

That done, Sharp chose the beginning of 2021 to strike: posing as an anonymous malicious hacker and sending a ransom note to his employer demanding 50 BTC, the equivalent of around $1.9 million at the time.

In exchange, he offered to return the stolen data and point the way to a purported system backdoor that had facilitated the theft. All the while, Sharp himself was pretending to fix the glitch he’d created, and presumably may even have ‘liaised’, directly or indirectly, with his alter ego during the ransom negotiations.

Even when the FBI caught his scent, searching his home under warrant in March 2021 and seizing devices, including the laptop used to steal the data, Sharp wasn’t done.

As well as lying to agents about his involvement, he caused fake news articles to be disseminated online that portrayed him as the hero of the hour rather than the villain of the piece.

“In those stories, Sharp identified himself as an anonymous whistleblower within Company-1 who had worked on remediating the incident,” said the DoJ.

The fake news stories also falsely claimed that Sharp’s firm had been “hacked by an unidentified perpetrator who maliciously acquired root administrator access” to its system accounts.

The DoJ implied that it was the publication of these articles that caused the massive drop in share price that same year.

“Sharp also attempted to cause domestic and foreign regulators to investigate Company-1 based on his false allegations about the security breach he secretly caused,” it added.

As well as the prison term, Sharp has been ordered to pay back more than $1.5 million and forfeit any property used in the course of his crimes.
