A Microsoft employee is currently facing federal charges for money-laundering and conspiracy related to a wave of ransomware attacks in 2012.
41-year-old Raymond Uadiale was then involved in laundering the money victims of the Reveton ransomware had to pay to unlock their computers. Uadiale was not working for Microsoft at the time but joined the company in 2014 as a network engineer working in cybersecurity.
Microsoft was reportedly aware of the charges and Uadiale presents himself a reformed character.
According to the Sun Sentinel, Uadiale’s lawyer said, “These events occurred about five years ago and it was for an extremely short period of time. Mr. Uadiale has been extremely responsible and cooperative in this case.”
The news does raise awareness that employees of a company are often the weak link when it comes to keeping user information secure, as has been seen in numerous high profile leaks from company and particularly government data. Microsoft has recently given itself the right to peruse your uploaded documents and other data to comply with the FOSTA and SESTA acts and while Microsoft is unlikely to officially abuse this right it is likely the same can not be said of every one of their 120,000 employees.
Other companies, such as WhatsApp and Telegram have solved this trust issue by using end-to-end encryption under control of the end-user, but we have not seen a similar initiative by Microsoft yet. Given how much Microsoft encourages users to use cloud storage and cloud services, it may be wise for end users to start demanding support for such a level of encryption as a routine part of the design of these initiatives.