Incident Of The Week: Thwarted Ransomware Attack Against Tesla Serves As A Warning

Add bookmark

Seth Adler

The Facts:

Early last month, Tesla was notified by an internal employee that they had been approached with an unusual offer. For $500,000, the employee was to install ransomware onto the company’s network in order to extort them out of millions. Fortunately, the employee reached out to Tesla, and Tesla reached out to the FBI. From there, the FBI worked with the employee to set up a sting operation which led to the arrest of Egor Igorevich Kriuchkov, a 27-year-old Russian.

Ransomware attacks are in the news constantly, which makes sense. 2019 saw a 41% increase in ransomware attacks from the year before, as reported by The New York Times, and the pandemic is only increasing that number. In part, ransomware attacks are picking up steam because they work. Additionally, as nefarious cyber criminals gain income from this lucrative form of hacking, they’re reinvesting the profits into their cyber crime efforts—Business 101. The Tesla attempt is unique in that it points to two strategies hackers are using in conjunction: social engineering and bribery. While it didn’t work out in this instance, it may foreshadow future hacking trends.

Lessons Learned:

Social engineering is the psychological manipulation of employees to divulge credentials and access to internal systems. In this case, the employee was taken out socially several times by Kriuchkov, who paid for his meals and bought him drinks—yet declined all photo ops. They had first met in 2016 under benign circumstances. They were both Russian. It was easy for Kriuchkov to reconnect through WhatsApp under the guise of friendship.

Related: How Does The New Cyber Attack Landscape Affect Your Business?

After wining and dining him for a few days, Kriuchkov approached the employee with an offer he assured was safe: $500,000, for a simple installation of ransomware using either a USB stick or an emailed link. He explained that the “group” he was working with would encrypt the ransomware, leaving it untraceable, and accompany it with a DDoS attack in order to distract Tesla’s cyber security team. He even went so far as to offer to pin the attack on another employee—any of his choosing.

While this attempt at social engineering didn’t pan out this time, it is easy to see how things could have gone another way. What this may point to is that the increase in ransomware profits is being reinvested into bribing insiders. With so many Americans worrying about financial insecurity during this tumultuous time, it feels inevitable that such an attack will eventually work. In fact, according to Kriuchkov during his elevator pitch, it already has.

Related: Levers of Human Deception: The Science and Methodology Behind Social Engineering

Quick Tips:

Especially during these economically difficult times, no organization is immune from social engineering attacks and bribery. Here are a few quick tips to keep your organization safe:

  • Adopt a Zero Trust strategy
  • Monitor employee accounts for unusual activity. Be on the look out for red flags, such as an employee asking questions outside of his scope
  • Enact an approval policy where employees must ask permission for certain tasks such as using file sharing websites or downloading large amounts of data
  • Provide ongoing training to employees on how to properly handle confidential information, the company’s data policy, and perhaps most important, the consequences for noncompliance
  • Create a culture your employees can be proud of. For many, working for Tesla is a source of pride. Would the outcome have been as positive for an organization with less appeal?  When companies value their employees by empowering and listening to them, not only are they increasing productivity, but loyalty as well
  • Always report any suspicious activity to the FBI

Read More: Incident Of The Week