Former Engineer Admits Sabotage: Thousands of Windows PCs Locked for Extortion
The most concrete risk to business continuity does not always come from outside.
Daniel Rhyne, 57, a former core infrastructure engineer, has pleaded guilty to a large-scale cyberattack on the industrial company in Somerset County, New Jersey, that employed him. Between November 9 and 25, 2023, he used his administrator privileges to access the corporate network without authorization and stage an extortion scheme. The goal was to lock the company out of its own environment by manipulating its Windows domain controllers.
According to the court documents, the defendant planned each step, working from the domain management tooling to lock his colleagues out. Rhyne created scheduled tasks to delete the accounts of the other network administrators and to forcibly reset the passwords of 13 domain administrator accounts and 301 user accounts. The new password, effectively the attack's signature, was "TheFr0zenCrew!". Scheduled tasks suit this kind of sabotage because a task created on a domain controller runs under the privileges it was registered with, so a single administrator can stage bulk changes that fire later without being logged on at the time.
A 20 Bitcoin Ransom or the Servers Go Down: Details of the Cyberattack
The attack did not stop at the domain. Rhyne extended it to the individual machines, scheduling a mass password change for two local administrator accounts, which affected 3,284 workstations and 254 servers. Resetting the local administrator passwords matters because, once the domain accounts are also locked, those local accounts are the usual fallback for regaining access to each host, so every machine then needs individual recovery. To raise the pressure on the company's executives, he also configured tasks that would shut down servers and workstations at random intervals throughout December 2023, turning a technical disruption into sustained financial damage.
On November 25 the final phase began: Rhyne emailed colleagues with the subject line "Your Network Has Been Penetrated", claiming that all IT administrators had been locked out and that the server backups had been deleted so the company could not recover on its own. The demand was 20 Bitcoin, worth about $750,000 at the time. The threat was explicit: 40 randomly chosen servers would be shut down every day for the next ten days if the ransom was not paid.
The forensic investigation turned up a series of basic mistakes. Rhyne had used a hidden virtual machine (VM) to try to cover his tracks, but investigators recovered his web searches going back to about a week before the attack. Among the queries run from his personal laptop were how to clear Windows event logs, how to change local administrator passwords from the command line, and how to delete domain accounts. Clearing a log is a weak cover in any case: the Security log records its own clearing (event ID 1102), copies forwarded to a central collector survive, and the browser history and VM artifacts on the laptop remained available to investigators.
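The techniques described in the paragraphs above (bulk password resets, deletion of administrator accounts, scheduled shutdown tasks, and log clearing) all leave Windows Security events behind. The following detector is an added example, not code from the article or from the court filings: it runs over constructed Security events and raises an alert for each pattern. The event IDs and field names are the ones Windows uses for these events; the thresholds, the account names, the task name and the marker strings are assumptions for illustration.

```python
"""Added example (not from the article or the court filings): a small detector
for bulk password resets, account deletions, hostile scheduled tasks and
audit-log clearing, run over constructed Windows Security events."""
from collections import defaultdict
from datetime import datetime, timedelta

# Windows Security event IDs used below (real IDs).
EV_PASSWORD_RESET = 4724   # An attempt was made to reset an account's password
EV_ACCOUNT_DELETED = 4726  # A user account was deleted
EV_TASK_CREATED = 4698     # A scheduled task was created (needs task-creation auditing)
EV_LOG_CLEARED = 1102      # The audit log was cleared

# Tuning values (assumed): this many resets by one actor inside the window is
# treated as a bulk reset rather than day-to-day helpdesk work.
RESET_THRESHOLD = 10
RESET_WINDOW = timedelta(minutes=30)
# Assumed markers for task actions that are hostile when scheduled fleet-wide.
SUSPICIOUS_TASK_MARKERS = ("shutdown", "net user", "logoff")


def detect(events):
    """Return a list of alert dicts for events given as dicts with a datetime
    'time', an int 'EventID' and the event's named data fields."""
    alerts = []
    resets = defaultdict(list)  # actor -> reset timestamps in time order
    for e in sorted(events, key=lambda e: e["time"]):
        eid, actor = e["EventID"], e.get("SubjectUserName", "?")
        if eid == EV_PASSWORD_RESET:
            resets[actor].append(e["time"])
        elif eid == EV_ACCOUNT_DELETED:
            alerts.append({"rule": "account_deleted", "actor": actor,
                           "target": e.get("TargetUserName"), "time": e["time"]})
        elif eid == EV_TASK_CREATED:
            # 4698 carries the task's XML definition in TaskContent.
            content = e.get("TaskContent", "").lower()
            if any(m in content for m in SUSPICIOUS_TASK_MARKERS):
                alerts.append({"rule": "suspicious_scheduled_task", "actor": actor,
                               "target": e.get("TaskName"), "time": e["time"]})
        elif eid == EV_LOG_CLEARED:
            alerts.append({"rule": "audit_log_cleared", "actor": actor,
                           "target": None, "time": e["time"]})

    # Sliding window over each actor's resets: one alert per actor, on the
    # first window that reaches the threshold.
    for actor, times in resets.items():
        for i in range(len(times)):
            j = i
            while j < len(times) and times[j] - times[i] <= RESET_WINDOW:
                j += 1
            if j - i >= RESET_THRESHOLD:
                alerts.append({"rule": "bulk_password_reset", "actor": actor,
                               "target": f"{j - i} resets in {RESET_WINDOW}",
                               "time": times[i]})
                break
    return alerts


# Constructed sample (not real data): one actor stages 12 resets in four
# minutes, deletes an admin account, schedules a forced shutdown and clears
# the log; a helpdesk account does two ordinary resets hours later.
_T0 = datetime(2023, 11, 20, 2, 0, 0)
SAMPLE_EVENTS = [
    {"time": _T0 + timedelta(seconds=20 * k), "EventID": EV_PASSWORD_RESET,
     "SubjectUserName": "svc_infra", "TargetUserName": f"da_{k:02d}"}
    for k in range(12)
] + [
    {"time": _T0 + timedelta(minutes=5), "EventID": EV_ACCOUNT_DELETED,
     "SubjectUserName": "svc_infra", "TargetUserName": "admin_bob"},
    {"time": _T0 + timedelta(minutes=6), "EventID": EV_TASK_CREATED,
     "SubjectUserName": "svc_infra", "TaskName": "\\Maintenance\\Nightly",
     "TaskContent": "<Exec><Command>shutdown.exe</Command>"
                    "<Arguments>/s /f /t 0</Arguments></Exec>"},
    {"time": _T0 + timedelta(minutes=7), "EventID": EV_LOG_CLEARED,
     "SubjectUserName": "svc_infra"},
    {"time": _T0 + timedelta(hours=7), "EventID": EV_PASSWORD_RESET,
     "SubjectUserName": "helpdesk", "TargetUserName": "jsmith"},
    {"time": _T0 + timedelta(hours=7, minutes=30), "EventID": EV_PASSWORD_RESET,
     "SubjectUserName": "helpdesk", "TargetUserName": "mjones"},
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(a["time"].isoformat(), a["rule"], a["actor"], a["target"])
```

Two caveats for anyone wiring this to real logs: event 4698 only appears if "Audit Other Object Access Events" is enabled, and local administrator password changes on member servers and workstations are logged only on each machine's own Security log, so the endpoint logs have to be forwarded to a collector before a detector like this can see a fleet-wide reset.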
Rhyne was arrested in Missouri in August 2024 and released after his initial court appearance. With his recent guilty plea to hacking and extortion charges, he faces a maximum sentence of 15 years in prison.