IT administrator set 'time bomb' malware to torpedo ex-employer's year-end audit

Systems administrator is being sued for allegedly sabotaging critical financial data at Allegro Microsystems.

Why you should be wary of disgruntled employees - former IT administrator sabotaged ex-employer months after resigning with malware iStock

There's a reason companies should fear disgruntled employees — they can really harm your business. An IT systems administrator is being sued by his former employer for allegedly installing malware that automatically deleted critical financial data after he left.

Semiconductor manufacturer Allegro Microsystems has filed a lawsuit against Nimesh Patel, who worked for the company for 14 years from August 2002 to January 2016. The lawsuit (first spotted by Bleeping Computer) alleges that Patel was given three laptops to use during his time at the company.

Patel resigned from his position, and when he left the company on 8 January 2016, he returned the two business laptops, However he kept the third laptop, which had been designated for personal use, with the company's blessings.

Advertisement

However, Allegro alleges that on 31 January 2016, Patel returned to the grounds of the Allegro headquarters in Worchester, Massachusetts with the third laptop and used it to access the company's Wi-Fi network.

As he had been a senior IT administrator during his employment, Patel had access to all of the employees' login credentials and had kept a copy of the passwords when he left. He is believed to have used an employee's account to login and then proceeded to install malware that was programmed to wait until 1 April 2016 — the first day of the new fiscal year — and then delete information from a database table in the company's Oracle financial module.

The destruction caused to the Oracle financial module meant that Allegro was unable to compile its annual financial reports and reconcile its accounts, which cost in excess of $100,000 (£78,360) in damage to its business. The company did not notice the problem until 14 April, and it took another 10 days for its IT department to discover how the malicious code worked.

Eventually, the malicious code was traced back to the laptop Patel had been allowed to keep due to its electronic footprint on the network. Considering the allegations being made against him, it is surprising that Patel is only being subjected to a civil lawsuit, rather than criminal charges.

Allegro is demanding that Patel pay for the damages, as well as interest and its legal costs. If the two parties cannot settle the case, then Allergo wants a jury trial.

© Copyright 2017 IBTimes Co., Ltd. All Rights Reserved.