A Tesla employee rejects an alleged ransomware plot

Earlier this month, according to a recently unsealed criminal complaint, a 27-year-old Russian man named Egor Igorevich Kriuchkov met an old friend who now works at Tesla at a bar in Reno. They drank until last call. At one point in the evening, the FBI says, Kriuchkov took the person’s phone, put it on top of his own, and placed both devices at arm’s length – the universal sign that what he was about to say was meant only for the employee’s ears. He invited the Tesla employee to work with a “group” carrying out “special projects”. More specifically, he offered the employee $500,000 to install malware on his employer’s network that would be used to hold its data for ransom for millions of dollars.

Just a few weeks after that Reno meeting, FBI agents arrested Kriuchkov in Los Angeles as, the Justice Department said, he was trying to flee the country. His recruitment scheme failed, the complaint says, when the employee, instead of accepting Kriuchkov’s offer, reported it to the company, which in turn alerted the FBI, leading the bureau to monitor Kriuchkov and arrest him shortly thereafter.

Given that Tesla’s “Gigafactory” production facility is located just outside Reno, in Sparks, Nevada, speculation immediately focused on Tesla as the likely target of the attack. On Thursday night, Tesla founder Elon Musk confirmed it, in typical offhand style, on Twitter. “Much appreciated,” Musk wrote in response to a report on Tesla news site Teslarati naming Tesla as the target of the attempted ransomware strike. “This was a serious attack.” Tesla itself did not respond to a request for comment.

Despite the happy ending – all thanks to a Tesla employee who was willing to reject a major alleged bribe – the attempted “insider threat” ransomware attack against such a prominent target shows how brazen ransomware crews have become, says Brett Callow, a threat analyst with cybersecurity firm Emsisoft. “This is what happens when you pass billions to ransomware groups. If they do not have access to a network through their usual methods, they can pay to just buy their way in. Or try. Tesla is lucky,” Callow says. “The outcome could have been very different.”

According to the FBI, Kriuchkov first met the Tesla employee in 2016, and he got in touch again via WhatsApp in July. In the first two days of August, he invited the employee on trips to Emerald Pools in Nevada and to Lake Tahoe, picked up the tab and refused to appear in photos, court documents say, possibly to avoid leaving behind a trail of his travels. The next day, Kriuchkov took his Tesla contact to a Reno bar and made the offer: half a million dollars in cash or bitcoin to install malware on Tesla’s network, either by using a USB drive or by opening a malicious e-mail attachment. Kriuchkov allegedly told the Tesla employee that the group he was working with would then steal data from Tesla, hold it for ransom, and threaten to dump it publicly if the ransom was not paid.

Shortly after that first meeting, the Tesla employee alerted his employer, and the FBI began monitoring and recording subsequent meetings with Kriuchkov. Throughout August, Kriuchkov allegedly tried to persuade the Tesla employee by increasing the bribe to $1 million, and by claiming that the malware would be encrypted so that it could not be traced back to the staffer who installed it. Moreover, in order to divert Tesla’s security personnel during the ransomware installation, the gang would carry out a distributed denial-of-service attack, bombarding Tesla’s servers with junk traffic.

In fact, Kriuchkov allegedly claimed that another insider the group had used at another company had still not been caught after three and a half years. Prosecutors say Kriuchkov even went so far as to suggest that they could hire another employee of Tesla’s staff for the hack – one he or she “wanted to learn a lesson from”.