A Russian national named Egor Igorevich Kriuchkov has pleaded guilty to charges brought against him in relation to an attempted ransomware attack against Tesla. He had been arrested in relation to the ransomware attack last August, when a Tesla employee reported that he had been offered a $1 million bribe to inject the ransomware into Tesla’s computer system at its battery factory in Nevada.
The ransomware would have given the attackers access to sensitive company documents that could be held for ransom or distributed to other parties. Some experts indicated that the motive might not have been collecting a ransom at all, but an attempt at collecting intelligence on behalf of the Russian government and possibly others. According to Kriuchkov, the plan certainly included dumping the documents on the open Internet if Tesla didn’t pay up.
Prosecutors called Kriuchkov’s tactics particularly brazen and risky. Most attacks of this type involve some sort of “phishing” attack that targets employees with legitimate-looking communications designed to gain information that would give the attackers access to the system or trick an employee into unknowingly injecting the malware into the system. Such an outright attempt to bribe employees is not as common, but still happens, and it is rare for an attacker to attempt to recruit an “inside man” face to face.
“The fact that such a risk was taken could, perhaps, suggest that this was an intelligence operation aimed at obtaining information rather than an extortion operation aimed at obtaining money,” said Brett Callow, a cybersecurity analyst at anti-virus software company Emsisoft.
Emsisoft also estimates that billions of dollars are lost to ransomware attacks every year. According to one of its reports, attacks on government agencies, educational establishments and healthcare providers cost at least $7.6 billion in ransoms or recovery costs in 2019 alone. In the below video, noted cyberhacker turned cybersecurity analyst Kevin Mitnick demonstrates how those billions of dollars could be gained with very little effort.
The anonymous employee who reported the bribe offer indicated that Kriuchkov had bragged to him about conducting similar attacks against similar companies. The employee indicated that the attacker offered to pay the bribe in Bitcoin that he may have obtained from previous successful ransomware attacks, considering that it is not uncommon for ransoms to be paid in some form of cryptocurrency.
According to price data on CoinMarketCap, in August 2020, the price of a bitcoin hovered between a little above $11,500 and just below $11,800. As of March 19, 2021, a bitcoin is worth $58,467.95. Despite its occasional use in illegal activity like ransomware attacks, Elon Musk still seems to have a high opinion of cryptocurrency and Tesla recently purchased at least $1.5 billion worth of Bitcoin.
Egor Igorevich Kriuchkov could have faced up to 5 years in prison and $250,000 in fines for his part in the ransomware attack against Tesla. The plea deal means that he will face no more than 10 months in jail. Investigators believe that he did have accomplices, but they remain untouchable in Russia.
“The swift response of the company and the FBI prevented a major exfiltration of the victim company’s data and stopped the extortion scheme at its inception,” Nevada Acting Assistant Attorney General Nicholas McQuaid said of the case.
McQuaid also indicated that he prefers companies to come forward when they have been the target of an attack, as Tesla did. Although the company was referred to only as “Company A” in court documentation, Elon Musk, CEO and (now) “Technoking” of Tesla, acknowledged that the ransomware attack did occur.