The U.S. Department of Justice has indicted an employee of Ubiquiti for the ransomware attack the company faced this year.

Earlier this year, WiFi and network specialist Ubiquiti was hit by a hacking attack. The suspected hackers gained access to all of Ubiquiti’s AWS accounts, including S3 data buckets, application logs, databases, login credentials and facilities for creating single sign-on (SSO) cookies. Furthermore, all of Ubiquiti’s global cloud-based equipment was compromised.

Employee

Now, documents from the U.S. Department of Justice claim that it was not external hackers who carried out the attack, but an in-house employee of the network specialist.

Late last year, the employee allegedly downloaded gigabytes of confidential data from his employer. Posing as a hacker, the employee sent Ubiquiti a message requesting that the company transfer 50 bitcoin, which was worth roughly 2.5 million euros at the time. In return, he promised to keep the hack a secret, applying further pressure by pointing out a second backdoor.

During the attack, the hacker resumed his work for Ubiquiti, reportedly ‘helping’ his employer fix the incident during regular working hours.

Logging proves disastrous

The employee involved was identified because his IP address was logged. He used a Surfshark VPN subscription to disguise his personal data during the attack. However, due to an internet outage, his real IP address was logged once. Although the hacker managed to delete it through his internal access to the systems, the FBI reconstructed the process from log data and traced his IP address.

The former employee of Ubiquiti faces a maximum prison sentence of 37 years.
