Elon Musk has confirmed the thwarting of an attempted ransomware attack at Tesla’s Gigafactory in Nevada. With cooperation from Tesla employees, the FBI has arrested a Russian national named Egor Igorevich Kriuchkov on one charge of conspiracy to intentionally cause damage to a protected computer.
Kriuchkov allegedly attempted to offer an unnamed Tesla employee a $1 million bribe to insert malware into Tesla’s network that would have provided access to sensitive data owned by Tesla. The data could then be held for ransom. Reports on the incident indicate that Kriuchkov was working on behalf of fellow conspirators, but very few identifying details have been released.
Although the employee was not named, he or she is reportedly a non-US citizen who speaks Russian. Kriuchkov contacted the employee through the popular mobile communications app WhatsApp and, upon arranging a meeting, offered the bribe to be paid in cash or Bitcoin. In conversations with the Tesla employee, who fished for information, Kriuchkov bragged about previously receiving a bribe of over $4 million from a company that turned out to be CWT Travel, which was a victim of a similar attack. The employee reported the attempt to the Tesla leadership, which then alerted the FBI.
Attacks that hold private networks for ransom are not uncommon. According to an Emsisoft report, ransomware attacks on government agencies, educational establishments and healthcare providers are estimated to have cost at least $7.6 billion in ransoms or recovery costs in 2019 alone. Besides the inconvenience, ransomware attacks often cause hazards to health and safety, including the need to reroute ambulances to other hospitals that may be farther away or to deal with disruptions to 911 and emergency response services. Many organizations will quietly pay the ransom rather than go through the complexities of completely rebuilding their networks to eliminate the malware. The ransom is often paid in cryptocurrencies like Bitcoin or digital coins that brand themselves as being more anonymous, like Monero.
Like the Tesla incident, many of these attacks involve either an “inside man” who can smuggle in the malware, or a phishing attack that is designed to look like legitimate communications to unwary employees. Companies may be able to reduce these incidents by making certain that all employees are properly trained to spot common signs of these attacks and making certain to frequently update their data backups and keep them in a secure location.
Law enforcement agencies may be limited in what they can do. This is especially true in cases such as this Tesla attack that involve foreign nationals like Kriuchkov, who had planned to return to his home country before his arrest. Even in countries that have an extradition treaty with the United States, extradition proceedings can take time and the damage may have already been done by the time they go through.
Tesla was not directly named in the FBI report on the incident, but Elon Musk later tweeted a reply to a report from the Tesla-focused news outlet Teslarati: “Much appreciated. This was a serious attack.”