Two convicted cybercriminals, Sohaib and Muneeb, recorded a conversation in which they plan to delete backups and threaten former clients, including the Department of Homeland Security. The recording, captured on a Microsoft Teams call, shows them debating ransom demands and cleanup tactics.

The transcript reveals the brothers’ intent to erase evidence and blackmail former employer Company‑1 for $25,000 each. They discuss wiping customer data and manipulating DNS settings, aiming to erase traces of their breach. The conversation also hints at a broader strategy to target federal OIG customers.

Both men now sit in federal prison; Sohaib was found guilty last week, while Muneeb pleaded guilty in April 2026 but is seeking to withdraw that plea. Their plan to sabotage data recovery systems underscores the persistent threat cybercriminals pose to government agencies.

The incident highlights how insiders can exploit privileged access even after conviction, forcing agencies to strengthen monitoring and backup resiliency. Security teams must audit VPN and remote‑desktop permissions to prevent similar insider sabotage.