The FBI has announced it has arrested a Russian citizen offering $1 million to plant malware in a Nevada-based company as part of a wide-scale cyber plot to collect data and hold companies and individuals to ransom.
The FBI says that Egor Igorevich Kriuchkov, a 27-year-old Russian national was arrested for offering a $1 million bribe to a Nevada-based company in exchange for permission to implant malware in the company’s network.
It’s alleged that Kriuchkov met with an employee of the unnamed company, and later drove from Reno, Nevada to Los Angeles, California to catch a flight out of the United States. FBI Special Agent in Charge, Aaron Rouse has said that the agency stopped Kriuchkov at the airport before he was able to depart the country.
In the weeks leading up to the meeting, Kruichkov communicated with “Victim Company A” via internet messaging for more than a month to organise details of the agreement. The FBI has said that the agency was monitoring these communications, but failed to specify whether money was handed over.
According to a report from the AP “the employee was expected to install software enabling an entity referred to as ‘the group’ initiate a ‘distributed denial of service’ attack – flooding and crashing the company computer system to occupy tech security officials while a second intrusion obtained data.”
The FBI has said in a complaint filed to the courts that “Kruichkov went on to explain that the ‘group’ pays employees of target companies to introduce malware into the target company’s computer system.”
“Kriuchkov said the ‘group’ has performed these ‘special projects’ successfully on multiple occasions and identified some of the targeted companies. To ease the victim employees’ concerns about getting caught, Kriuchkov claimed the oldest ‘project’ the ‘group’ had worked on took place three and a half years ago and the ‘group’s’ co-optee still worked for the company.”
U.S. Attorney Nicholas Trutanich has said that Mr Kriuchkov appeared in a Los Angeles Federal Court, where he is facing charges of conspiracy to intentionally cause damage to a protected computer. If found guilty, he faces a $250,000 fine and a five-year prison sentence.
“We are committed to holding accountable anyone who plots to use malicious cyber tactics to harm American consumers and companies,” Trutanich said.
The FBI has not confirmed whether or not Kriuchkov has connections to the Russian government, but has said that he was a “high-level employee of a government bank in Russia.”
According to a report from IBTimes “In December 2019, two Russians – Maksim Yakubets and Igor Turshev – were charged for similar attacks. The duo planted malware in 11 U.S. states and pocketed $3 million in ransom.”
We’ve reported previously that both the frequency of these attacks on organisations and the severity of the ransom demands has increased dramatically in 2020, as hackers look to targeting organisations for an easy pay-day.
With this in mind, there’s never been a more appropriate time to implement an Information Security Management System in your organisation to ensure that you remain proactive when it comes to outside threats, and educating your staff on cybersecurity best practices.