Close up of a Tesla car badge showing Russian hacker's plan for ransomware attack

Hacker Offered Russian-Speaking Tesla Employee for $1 Million to Execute Ransomware Attack

A recently unsealed criminal complaint details how a Russian hacker tried to recruit a Russian-speaking Tesla employee for $1 million. The 27-year-old hacker named Egor Igorevich Kriuchkov met his former associate, currently working at Tesla, at a bar in Reno. The two enjoyed several drinks before Kriuchkov made a proposition for the Tesla employee to join his “group” specializing in “special projects.” The hacker offered the Tesla employee $1 million dollars to install malware for executing a ransomware attack against the company. Elon Musk acknowledged the plot, and the FBI apprehended the Russian as he attempted to flee the country.

Russian hacker offered $1 million and anonymity

FBI says the first encounter between the two individuals happened in 2016. However, the suspected hacker reached out to the worker through WhatsApp in July 2020. Kriuchkov allegedly drove his potential recruit to the Emerald Pools in Nevada and Lake Tahoe. However, he refused to appear in any of the photos taken during the tours.

Shortly after, Kriuchkov made various offers for the staffer to join his special projects group. He offered $500,000 for the employee to install malware from either a USB drive or by clicking a malicious email link. The hacker promised to encrypt the malware so that it was untraceable to the employee who installed it on the computer system.

Kriuchkov also promised to execute a distributed denial-of-service attack to confuse Tesla during the installation process.  The staffer was told he could use the opportunity to frame a fellow employee of his choice to teach them a lesson. Kriuchkov alleged that they had used the same tactics at another company, and the rogue employee had not been discovered after three years.

To convince the staffer, Kriuchkov increased the price to $1 million, which the staffer would receive in either cash or bitcoin.

If the worker agreed, the cybercriminal group would exfiltrate data from the electric car manufacturer. The cybercriminal said they would ransom the data and threaten to publish it online if their demands were ignored. Kriuchkov also disclosed that they had demanded a $6 million ransom from another firm, which settled for $4.5 million.

Tesla employee alerted the company of the planned ransomware attack

A few weeks before his arrest in Los Angeles, Kriuchkov told the staffer to postpone the ransomware attack on Tesla. He noted that a similar attack was unsuccessful after an insider failed to install the malware.

Unknown to him, the Tesla staffer had alerted his company about the malicious plot to execute a ransomware attack against the organization. Tesla contacted the FBI, who immediately started trailing Kriuchkov. The feds arrested Kriuchkov in Los Angeles on August 22 as he tried to flee the country, according to the Department of Justice.

Authorities believe the ransomware attack targeted Tesla Gigafactory in Sparks, Nevada. The firm’s Gigafactory Nevada site is located just outside Reno, where the two met.

Tesla founder Elon Musk acknowledged the ransomware attack plot and thanked the employee in a tweet on Thursday.

Ransomware operators may have become desperate after failing to penetrate computer systems from outside and are now relying on insiders to install malware on their behalf. The fact that they could afford to pay $1 million for the installation of malware shows that the ransomware attack business is booming.

“As the threat landscape continues to get nastier by the day, ransomware attacks like the one attempted against Tesla are still at the forefront and on the rise. What’s interesting about the Tesla attempt is that the attackers attempted to co-op Tesla employees with the promise of a big payout – something that they, fortunately, turned down. However, in many cases, this story has the potential to end differently with systems compromised and data exposed,” says Warren Poschman, senior solutions architect at Comforte AG. “Organizations need to ensure that the security measures they enact to protect data are still viable even when internal resources are compromised, or data is exposed. Data-centric security offers the most benefit by allowing data to be protected and remain secure even if it is shared, stolen, or misused – effectively nullifying both external and internal threats.”