The FBI has stopped a ransomware attack from hitting the network of tech giant Tesla after arresting a Russian man on conspiracy charges to implant malicious software within Tesla’s systems.
We now know that the unnamed question was actually one of the largest tech and automotive companies in existence, Tesla, whose founder Elon Musk has described the attack as “serious.”
The FBI says that 27-year-old Russian national, Egor Kriuchkov, met with an employee of Tesla’s Gigafactory near Reno, Nevada, where the employee was offered a cash advance – and promise of $1 million in total – for planting Kriuchkov’s malicious software in Tesla’s system.
The software in question, commonly known as ransomware, would then be used to extort Tesla out of high-figure payments to ensure the safe return of data, whereby Kriuchkov could potentially be paid via cryptocurrencies.
The employee in question remains unnamed in the FBI’s complaint, however it is alleged that they spoke Russian, and worked full-time at Tesla’s Gigafactory in Nevada.
According to a report from Electrek who broke the story, “the employee didn’t refuse, but he immediately informed Tesla, who in turn informed the FBI. The FBI launched a sting operation with the employee who wore a wire and shared text communications with Kriuchkov as they were negotiating the terms of the malware attack.”
Elon Musk has taken to Twitter to confirm a number of news reports, stating that “this was a serious attack,” and that the investigation of the FBI was “much appreciated.”
Kriuchkov has arrested on August 22 while trying to leave the United States at Los Angeles International airport.
A report from Security Magazine quotes Matt Walmsley, the EMEA Director at Vectra who says that “in this case, the recruitment or coercion of a Tesla insider to aid the attempted deployment of malware tools to stage their attack demonstrates the lengths ransomware groups will go to.”
“Ransomware operators have evolved into using ‘name and shame’ tactics whereby victim’s data is exfiltrated prior to encryption and used to leverage ransomware payments. These bullying tactics are making attacks even more expensive, and they are not going to stop any time soon, particularly within the current climate,” he said.
Walmsley concluded that “these attackers will attempt to exploit, coerce and capitalize on organisations’ valuable digital assets.”
Security guru Brett Callow has told Wired magazine that “this is what happens when you hand billions to ransomware groups.”
“If they can’t access a network via their usual methods, they can afford to simply buy their way in, or try to. Tesla got lucky… the outcome could have been very different,” he said.
Wired Magazine also quotes Katie Nick, the director of intelligence at Red Canary who says that “this indictment is the first time I’ve heard about an insider-enabled ransomware attack.”
“It’s part of a larger theme of ransomware adversaries really upping their game… It really changes the game for the defenders. Before today I would have not have suggested companies include an insider attacker installing ransomware in their threat model.”
“Now everyone has to shift their thinking. If we know about this one case that’s been documented, there might be more,” she said.