Geoffrey S. Berman, the United States Attorney for the Southern District of New York and William F. Sweeney Jr., the Assistant Director-in-Charge of the New York Office of the Federal Bureau of Investigation (“FBI") announced today the filing of a criminal indictment against MAYUR RELE for committing computer fraud and abuse by causing ransomware to be intentionally downloaded to computer systems, and other acts to intentionally damage the computer systems belonging to his former employer. RELE was arrested today in New Jersey. He was presented and arraigned in federal court in the Southern District of New York before United States Magistrate Judge Sarah Netburn. This case has been assigned to United States District Judge Ronnie Abrams.
According to the Indictment filed today in Manhattan federal court[1]:
In or about August and September 2017, RELE was a Senior Manager of Cloud and Infrastructure in the Information Technology Engineering department of an international technology company with its headquarters in New York, New York, engaged in the business of travel booking (the “Travel Company Victim"). From at least on or about Aug. 25, 2017, up to and including on or about Sept. 20, 2017, RELE caused another employee’s account to install Petya ransomware on a server belonging to the Travel Company Victim. As a result, certain of the Travel Company Victim’s computers were infected with Petya ransomware, thereby impairing the availability and integrity of the Travel Company Victim’s data, systems, and information and causing the Travel Company Victim to incur losses to remediate the damage and restore its system. RELE then caused certain system logs related to the incident to be deleted, in order to avoid detection.
Later, from at least on or about Sept. 15, 2017, up to and including on or about Sept. 20, 2017, RELE, without authorization, caused a file that is used to organize and integrate data to be deleted from the Travel Company Victim’s network that stored confidential and critical intellectual property, including source code and financial data in New York, New York. As a result of this incident, the source code and financial data was not available to the Travel Company Victim, which resulted in in lost ticket sales and remediation costs. As with the ransomware incident, RELE then also caused certain logs from a Travel Company Victim server involved in this incident, among others, to be deleted, in order to avoid detection.
* * *
RELE, 37, of Parsippany, New Jersey, is charged with two counts of committing computer fraud and abuse, each of which carries a maximum sentence of 10 years. The maximum potential sentence in this case is prescribed by Congress and is provided here for informational purposes only, as any sentencing of the defendant will be determined by the judge.
Mr. Berman praised the outstanding investigative work of the FBI.
The prosecution of this case is being handled by the Office’s Complex Frauds and Cybercrime Unit. Assistant United States Attorney Kristy J. Greenberg is in charge of the prosecution.
[1] As the introductory phrase signifies, the entirety of the text of the Indictment and the description of the Indictment set forth below constitute only allegations, and every fact described should be treated as an allegation.
Source: U.S. Department of Justice, Office of the United States Attorneys
