Tech security staffer gets 5 years for ransomware spree

prison1A tech security worker who hacked a raft of UK business websites in order to steal personal data through ransomware attacks has been slapped with a five-year prison term – and a ten-year Criminal Behaviour Order – after pleading guilty to 11 offences at Chester Crown Court.

Craig Fox from Chadderton admitted two counts of blackmail, six counts under the Computer Misuse Act and three counts of fraud by false representation.

The court heard how Fox took over the websites of homeware and interior design businesses, his first attack first taking place in May 2021 in which he posted a religious video on the site and blocked customers from being able to access it.

Crucial online files were also deleted, causing significant financial damage to the business and emotional stress to the owners.

The second attack took place the following day on another similar company – but this time Fox sent emails from the business email account making false claims about the company. He stated he had access to all of the accounts and that if demands were not met he would release sensitive data to the public.

Communication data enquiries were made which led to an address on Marsland Road, Sale, Manchester. Officers from the Cheshire Police Cyber Crime Team searched the address but could find no trace of any illegal activity.

However, after speaking to the occupant, the police discovered that the neighbour had previously asked to use their WiFi. Further examination of the WiFi router found a device called ‘CraigLaptop’ had been been connected to it. Officers knocked on the property and were provided access by a housemate of Fox.

Although Fox was not home at the time, police secured a warrant to search his room. During the search, a piece of paper with the WiFi code for the neighbouring house along with a charger for a Dell laptop.

Yet no mobile phone or laptop were found at the address so detectives set up an appointment to speak with Fox. He stated he had been borrowing a phone which he had since returned and that he did not own a laptop.

He was subsequently arrested and further enquiries revealed his laptop was at an office in Manchester; it was then seized, examined and found to contain key evidence. Fox was released under investigation.

During the probe, the police discovered Fox had hacked several other businesses, claiming he had exposed weaknesses in their online security. He even asked for donations for the “work” he had carried out, providing bank account details which were revealed to be assigned to his bank account.

Fox was later summonsed to court.

Lead investigator Detective Sergeant Dave MacFarlane said: “Fox thought he could hide his exploits by claiming not to own a laptop or even a personal phone yet was blatant enough to use his own name on correspondence with effected businesses.

“This was a complex case and I would like to thank the victims and witnesses without whom this result would not have been possible. I would also like to thank the courts for passing down the sentence that they have to Fox.

“I hope that this case acts as a deterrent and shows how we are relentless in our pursuit of criminals and will not stop until justice is served.”

Related stories
Data thief dodges jail but must pay back £25k or else
Jailed car crash data thief ordered to pay back £25,500
Car crash data thief hit with six month prison sentence
Sacked and fined: would-be data thieves warned again
Bent copper gets five years for car crash data theft
Swansea call centre boss is jailed for energy bill fraud
Loyalty scheme chief gets 16 months for £200k fraud