Tesla employee foiled suspected ransomware plot


Earlier this month, according to a recently unsealed criminal complaint, a 27-year-old Russian man, Egor Igorevich Kriuchkov, met a former partner who now worked at Tesla in a bar in Reno. They drank until the last call. At some point in the evening, the FBI says, Kriuchkov picked up the person’s phone, put it on his own, and placed the two devices away – the universal sign that he was about to say something. thing for their ears only. He then invited the Tesla employee to collaborate with a “group” that carries out “special projects”. Specifically, he offered staff $ 500,000 to install malware on his employer’s network that would be used to buy back his data for millions of dollars.Just weeks after that Reno reunion, FBI agents arrested Kriuchkov in Los Angeles while, according to the Justice Department, he was trying to flee the country. His hiring plan failed, according to the complaint, when the employee instead reported Kriuchkov’s offer to the company, which in turn alerted the FBI, leading the office to monitor Kriuchkov and arrest him shortly. time after.

Since Tesla’s “Gigafactory” manufacturing plant is located just outside Reno, in Sparks, Nevada, speculation immediately focused on Tesla as the likely target of the attack. Tesla founder Elon Musk confirmed this Thursday night, in typical casual style, on Twitter. “Very Appreciated,” Musk wrote in response to a report on the Tesla news site Teslarati which identified Tesla as the target of the attempted ransomware attack. “It was a serious attack. Tesla himself did not respond to a request for comment.

Despite the happy ending – all thanks to a Tesla employee willing to refuse a suspected significant bribe – the attempted ransomware attack against such a large target shows just how brazen the ransomware teams have become, says Brett Callow, Threat Analyst with Cyber ​​Security Company Emsisoft. “This is what happens when you give billions to ransomware groups. If they cannot access a network through their usual methods, they can afford to simply purchase their entry. Or try. Tesla was lucky, ”Callow says. “The result could have been very different. ”

According to the FBI, Kriuchkov first met the Tesla staff member in 2016 and reconnected with him via WhatsApp in July. During the first two days of August, he drove the staff member to Emerald Pools in Nevada and Lake Tahoe, picking up the tabs and refusing to appear in photos, court documents show, possibly attempting to ‘avoid leaving a trace of his travels. The next day, Kriuchkov took his Tesla contact to a Reno bar and made the offer: half a million dollars in cash or bitcoin to install malware on Tesla’s network, using either a USB stick or by opening the malicious attachment of an email. Kriuchkov reportedly explained to the Tesla staff member that the group he was working with would then steal data from Tesla and hold it as a ransom, threatening to dump it publicly if the ransom was not paid.

Some time after this first meeting, the Tesla staff member alerted his employer, and the FBI began monitoring and recording subsequent meetings with Kriuchkov. Throughout August, Kriuchkov reportedly tried to persuade the Tesla staff member by increasing the bribe to $ 1 million and arguing that the malware would be encrypted in such a way that it could not be traced back to the staff member who installed it. Additionally, to distract Tesla’s security personnel while installing the ransomware, the gang would carry out a distributed denial of service attack, bombarding Tesla’s servers with unwanted traffic.

In fact, Kriuchkov allegedly claimed that another insider whom they employed at a different company had still not been arrested after three and a half years. Prosecutors say Kriuchkov even went so far as to suggest that they could mentor another employee of Tesla’s staff choice for the hack – someone he or she wanted to “teach a lesson.”


Please enter your comment!
Please enter your name here