In the last week of August 2020, the FBI successfully detained and arrested a Russian citizen who was attempting to bribe a Tesla employee into carrying out an internal ransomware attack. The 27-year-old Russian citizen, Egor Igorevich Kriuchkov, was arrested by the FBI in Los Angeles while attempting to leave the United States.
The Tesla employee met with Kriuchkov, who offered the employee $1 million to help deliver and introduce the malware into Tesla’s network. The malware was designed first to exfiltrate data from the network, then to encrypt data in the network. Kriuchkov would use the exfiltrated and encrypted data to demand a ransom payment from Tesla. Fortunately for Tesla, the employee immediately notified Tesla, who then involved the FBI. The FBI, with the assistance of the Tesla employee, carried out a sting operation to arrest Kriuchkov.
Kriuchkov told the employee they would distract Tesla from the malware attack by simultaneously conducting a denial-of-service (DoS) attack. He told the employee that he had successfully conducted this attack against another company and that neither he nor the assisting employee had been caught. Kriuchkov told the FBI he had successfully negotiated a $4 million payment from another company using the same tactics.
This attack comes as no surprise, with ransomware continuing to prove a valuable attack vector for adversaries. Recent ransomware attacks against Garmin and Carnival are just the tip of the iceberg as attackers continue cashing in big paydays. It is being reported that Garmin paid $10 million to attackers for the keys to decrypt its files. These attacks cost organizations money not only when they decide to pay: companies that do not pay and do not have proper backups can spend an extensive amount of time configuring networks in an attempt to return them to a normal state. The City of Atlanta chose not to pay a $52,000 ransom, but ultimately spent $2.6 million and took months to recover from the attack.
With the continuing rise of these attacks, it’s important to take the necessary steps to secure your networks by conducting proper testing, seeking out consulting, and training your workforce on the latest security best practices. These actionable items will help prevent these types of attacks from occurring via a multitude of attack vectors. nGuard is staffed with certified Security Assessors who are ready to work with you and your organization to help prevent this style of attack. Additionally, nGuard provides detailed Incident Response services should your organization be the unfortunate victim of an attack.