Infrastructure Engineer Pleads Guilty to Locking 254 Company Windows Servers

A former core infrastructure engineer has pleaded guilty to federal hacking and extortion charges after orchestrating a devastating cyberattack against his own employer, locking hundreds of servers and demanding a Bitcoin ransom.

Daniel Rhyne, 59, entered his guilty plea on April 1, 2026, before U.S. District Judge Michael A. Shipp in a Trenton, New Jersey, federal court.

Rhyne admitted to sabotaging the systems of his former New Jersey-based industrial employer in an attack that began in November 2023, effectively crippling the organization’s IT infrastructure.

The Attack: Stealth Through Built-In Tools

Rather than deploying sophisticated malware, Rhyne took a calculated approach, leveraging native Windows administrative utilities to evade detection.

He set up an unauthorized hidden virtual machine to gain remote desktop access to the company’s domain controller.

From this concealed environment, he configured automated scheduled tasks engineered to systematically dismantle the victim’s network from within.

These malicious tasks were programmed to delete 13 domain administrator accounts and reset the passwords of 301 domain users to a single phrase, “TheFr0zenCrew!”, a detail that would later become a critical piece of forensic evidence against him.

Massive Operational Disruption

The consequences were severe. Rhyne’s actions locked the organization out of 254 Windows servers and 3,284 employee workstations.

He also scheduled commands to randomly shut down dozens of critical servers over several days in December 2023, compounding the operational damage during a critical business period.

On November 25, 2023, Rhyne launched the attack and sent a threatening email to employees with the subject line “Your Network Has Been Penetrated.”

The message demanded 20 Bitcoin, approximately $750,000 at the time, warning that 40 servers would be shut down daily for ten days if the ransom was not paid.

Rhyne’s toolkit consisted entirely of legitimate system utilities. He used the Windows “net user” command-line tool to modify domain accounts and remove existing administrators.

He also deployed Sysinternals’ PsPasswd tool to remotely change local administrative passwords across thousands of corporate endpoints. Relying on legitimate utilities in this way is a technique known as “living off the land” (LotL), designed to blend malicious activity with normal system operations.
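Because no malware is involved, this kind of activity is usually caught by its volume and pattern rather than by a signature. The sketch below is an added example, not taken from the article or the investigation: it scans exported Windows Security events for bursts of password resets and account deletions by a single account, and for new scheduled tasks that invoke the utilities named above. The event field names, account names, thresholds and sample events are constructed assumptions, and the relevant auditing must already be enabled for these events to exist.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Security event IDs: 4698 task created, 4724 password reset, 4726 account deleted
TASK_CREATED, PWD_RESET, ACCT_DELETED = 4698, 4724, 4726
LOTL_MARKERS = ("net user", "pspasswd")  # utilities named in the article

def find_bursts(events, event_id, threshold, window=timedelta(minutes=10)):
    """Accounts with >= threshold events of event_id inside any sliding window."""
    by_subject = defaultdict(list)
    for ev in events:
        if ev["id"] == event_id:
            by_subject[ev["subject"]].append(ev["time"])
    hits = {}
    for subject, times in by_subject.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # drop events older than the window
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            hits[subject] = peak
    return hits

def suspicious_tasks(events):
    """Names of newly created tasks whose command uses account-management tools."""
    return [ev["task"] for ev in events if ev["id"] == TASK_CREATED
            and any(m in ev["command"].lower() for m in LOTL_MARKERS)]

def sample_events():
    """Constructed events; field names and all values are hypothetical."""
    t0 = datetime(2024, 1, 1, 2, 0)
    evs = [
        {"id": TASK_CREATED, "time": t0, "subject": "admin-x",
         "task": "\\Constructed\\Task1", "command": "net user <account> <redacted>"},
        {"id": TASK_CREATED, "time": t0, "subject": "backup-svc",
         "task": "\\Constructed\\NightlyBackup", "command": "backup.exe /full"},
        {"id": PWD_RESET, "time": t0, "subject": "helpdesk"},
        {"id": PWD_RESET, "time": t0 + timedelta(hours=1), "subject": "helpdesk"},
    ]
    evs += [{"id": PWD_RESET, "time": t0 + timedelta(seconds=5 * i),
             "subject": "admin-x"} for i in range(20)]
    evs += [{"id": ACCT_DELETED, "time": t0 + timedelta(seconds=10 * i),
             "subject": "admin-x"} for i in range(5)]
    return evs

if __name__ == "__main__":
    print(find_bursts(sample_events(), PWD_RESET, 10), suspicious_tasks(sample_events()))
```

In the constructed data, the occasional help-desk resets stay below the threshold while the account issuing 20 resets in under two minutes is flagged; real thresholds need tuning against an environment's normal administrative activity.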

Investigators found that Rhyne’s company laptop had been used to research commands for remotely changing local administrator passwords.

Remote access logs traced unauthorized connections directly to his home IP address in Warren County, New Jersey.

Most critically, the extortion email account used the same password “TheFr0zenCrew!” that was embedded in his attack scripts, directly linking him to the crime.

Rhyne now faces sentencing following his guilty plea, with federal charges encompassing both unauthorized computer access and extortion.


The post Infrastructure Engineer Pleads Guilty to Locking 254 Company Windows Servers appeared first on Cyber Security News.

