Since Tesla’s “Gigafactory” manufacturing plant is located just outside Reno, in Sparks, Nevada, speculation immediately focused on Tesla as the likely target of the attack. Tesla founder Elon Musk confirmed this Thursday night, in typically casual style, on Twitter. “Very Appreciated,” Musk wrote in response to a report on the Tesla news site Teslarati which identified Tesla as the target of the attempted ransomware attack. “It was a serious attack.” Tesla itself did not respond to a request for comment.
Despite the happy ending – all thanks to a Tesla employee willing to refuse a suspected significant bribe – the attempted ransomware attack against such a large target shows just how brazen ransomware teams have become, says Brett Callow, a threat analyst with cybersecurity company Emsisoft. “This is what happens when you give billions to ransomware groups. If they cannot access a network through their usual methods, they can afford to simply purchase their entry. Or try. Tesla was lucky,” Callow says. “The result could have been very different.”
According to the FBI, Kriuchkov first met the Tesla staff member in 2016 and reconnected with him via WhatsApp in July. During the first two days of August, he drove the staff member to Emerald Pools in Nevada and Lake Tahoe, picking up the tab and refusing to appear in photos, court documents show, possibly attempting to avoid leaving a trace of his travels. The next day, Kriuchkov took his Tesla contact to a Reno bar and made the offer: half a million dollars in cash or bitcoin to install malware on Tesla’s network, either by using a USB stick or by opening a malicious email attachment. Kriuchkov reportedly explained to the Tesla staff member that the group he was working with would then steal data from Tesla and hold it for ransom, threatening to dump it publicly if the ransom was not paid.
Some time after this first meeting, the Tesla staff member alerted his employer, and the FBI began monitoring and recording subsequent meetings with Kriuchkov. Throughout August, Kriuchkov reportedly tried to persuade the Tesla staff member by increasing the bribe to $1 million and arguing that the malware would be encrypted in such a way that it could not be traced back to the staff member who installed it. Additionally, to distract Tesla’s security personnel while the ransomware was being installed, the gang would carry out a distributed denial-of-service attack, bombarding Tesla’s servers with unwanted traffic.
In fact, Kriuchkov allegedly claimed that another insider whom they employed at a different company had still not been arrested after three and a half years. Prosecutors say Kriuchkov even went so far as to suggest that they could mentor another employee of the Tesla staff member’s choice for the hack – someone he or she wanted to “teach a lesson.”