Attempted Ransomware Attack on Tesla Highlights Growing Insider Threats


Attempted Attack on Tesla Highlights the Growing Use of Ransomware and Insider Threats to Corporations

Courtney Bramlett ● September 17, 2020


Tesla Employee Turns Down $1 Million Bribe from Russian Cybercriminal

In early August 2020, a 27-year-old Russian man named Egor Igorevich Kriuchkov met with a former associate who works at Tesla. Kriuchkov allegedly offered the Tesla employee a $1 million bribe to install ransomware on the network of Tesla’s Gigafactory in Nevada, either via USB or by opening a malicious link in an email that would install ransomware onto the employee’s computer and the network. Instead of accepting the bribe, the employee informed the FBI, which led to Kriuchkov’s arrest.

If Tesla’s employee had accepted the bribe and assisted Kriuchkov in stealing the company’s data, it would have led to a massive disruption in Tesla’s overall operations. The Russian cyber gang that developed the ransomware Kriuchkov planned to use would disguise the attack as a DDoS attack while they extracted data from Tesla’s network. The ransomware would then lock the entire network, and the cyber gang planned to demand that Tesla pay them a ransom of several million dollars.

Kriuchkov claims the gang previously found success with this type of Insider Threat at another large corporation and received $4 million in ransom. In this type of Insider Threat, a cybercriminal targets an employee inside a corporation and uses that contact to gain access to the company’s data network. The Russian criminal also claims the group currently has an insider at another organization who has been actively working with the cybercriminal group for three and a half years.

How Was Tesla’s Employee Targeted by A Cybercrime Group?

According to the FBI, Kriuchkov approached the Tesla employee through WhatsApp messages in July. The Russian cyber gang behind the attack did their research by targeting a Russian immigrant to whom one of its members had previous ties. Soon after Kriuchkov made first contact, he took the Tesla employee on a paid weekend trip to Lake Tahoe, a tactic presumably used to create a sense of familiarity and trust between the employee and Kriuchkov. Insider Threat attacks are a standard method used by criminals, but insider ransomware attacks are rarer among ransomware cybercriminal gangs. As ransomware attacks grow and the payoffs increase, groups are adopting more ambitious attacks.

How Red Teaming Challenges the Weakest Security Link, Humans

The attempted attack on Tesla changed the game for security professionals. Over the last two years, insider-related incidents have increased by 47%. Although this insider-enabled ransomware attack is the first to be publicly documented, there could be more that have not been made public or that the affected organizations themselves are not aware of.

Red Teaming Closes the Gaps In Your Security Posture

VerSprite’s Red Teaming exercises expose vulnerabilities within the weakest component of an organization’s security posture – the employees. Our Red Team professionals think like the criminals that want to specifically target your organization by creating unique organizational threat models to test organizations’ cyber resilience. As security professionals, we must shift our thinking to protect our organizations from ever-evolving methods of cyber attacks.
