In early August 2020, a 27-year-old Russian man named Egor Igorevich Kriuchkov met with a former associate who works at Tesla. Kriuchkov allegedly offered the Tesla employee a $1 million bribe to install ransomware on the network of Tesla’s Gigafactory in Nevada, either via a USB drive or by opening a malicious link in an email that would install the ransomware onto the employee’s computer and the network. Instead of accepting the bribe, the employee informed the FBI, which led to Kriuchkov’s arrest.
If Tesla’s employee had accepted the bribe and assisted Kriuchkov in stealing the company’s data, it would have led to a massive disruption in Tesla’s overall operations. The Russian cyber gang that developed the ransomware Kriuchkov planned to use would disguise the attack as a DDoS attack while they extracted data from Tesla’s network. The ransomware would then lock the entire network, and the cyber gang planned to demand that Tesla pay a ransom of several million dollars.
Kriuchkov claims the gang has previously succeeded with this type of Insider Threat, in which a cybercriminal targets an employee inside a corporation and uses that contact to gain access to the company’s data network: at another large corporation, the group was paid $4 million in ransom. The Russian criminal also claims the group currently has an insider at another organization who has been actively working with the cybercriminal group for three and a half years.
According to the FBI, Kriuchkov approached the Tesla employee through WhatsApp messages in July. The Russian cyber gang behind the attack did their research by targeting a Russian immigrant to whom one of its members had previous ties. Soon after Kriuchkov made the first contact, he took the Tesla employee on a paid weekend trip to Lake Tahoe, a tactic presumably used to create a sense of familiarity and trust between the employee and Kriuchkov. Insider Threat attacks are a standard method used by criminals, but insider-enabled ransomware attacks are rare among ransomware cybercriminal gangs. As ransomware attacks grow and the payoffs increase, groups are adopting more ambitious attacks.
The attempted attack on Tesla changed the game for security professionals. Over the last two years, insider-related incidents have increased by 47%. Although this insider-enabled ransomware attack is the first to be publicly documented, there could be more that are not made public or that organizations are not themselves aware of.
VerSprite’s Red Teaming exercises expose vulnerabilities within the weakest component of an organization’s security posture: the employees. Our Red Team professionals think like the criminals who want to specifically target your organization, creating unique organizational threat models to test organizations’ cyber resilience. As security professionals, we must shift our thinking to protect our organizations from ever-evolving methods of cyber attack.