A "serious" ransomware attack on Tesla's Gigafactory was derailed after one plucky employee resisted a million-dollar bitcoin bribe from a Russian hacker.
According to a complaint published by the Department of Justice last week, a Russian national was arrested for allegedly attempting to introduce malware to a Nevada-based company's computer network. While the tech firm wasn't explicitly named by the DoJ, Tesla CEO Elon Musk since confirmed a "serious" ransomware attempt on Tesla's subassembly factory, Giga Nevada.
The Russian national in question is 27-year-old Egor Igorevich Kriuchkov. Per the complaint, Kriuchkov was entangled in an alleged conspiracy to inject Giga's computer network with ransomware—a vicious type of malware that encrypts data and demands payment to restore it.
Targeting an unnamed Tesla employee, Kriuchkov purportedly tried to bribe his way in by offering the worker $1 million in bitcoin or cash. According to the complaint, the malicious actor allegedly planned to access the data in Tesla's internal network and go public unless an unspecified ransom was paid.
But it seems Kriuchkov picked the wrong person. Instead of installing the ransomware, the staunch Tesla employee informed his bosses, who, in turn, contacted the FBI.
The tesla employee maintained contact with the would-be hacker under the watchful eye of the FBI. The ruse worked, and Kriuchkov reportedly revealed incriminating information about both the attempted Tesla exploit and another successful $4 million ransom of an undisclosed company.
Kriuchkov was arrested on August 22nd, on charges of conspiracy to intentionally cause damage to a protected computer and faces up to five years in prison.
Tesla isn't the first company to be targeted by such a scheme. A slew of businesses have played victim to ransomware attacks this year—many of which leverage cryptocurrencies such as bitcoin due to their relative anonymity.
But, not everyone gets off as lightly as Tesla.
In August, travel firm CWT was forced to pay a hefty $4.5 million bitcoin ransom after being struck with a strain of ransomware called "Ragnar Locker." An unusually sophisticated variant of ransomware, Ragnar Locker works by deploying a virtual machine which scours the victim's network for sensitive data, locks it up, and demands a ransom for decryption. The hackers allegedly managed to infect 30,000 devices throughout CWT's global network.
Discussions between CWT's chief financial officer and the ransomer's "support" rep were publically available via an online chat room, giving a unique—if somewhat bizarre—insight into the attack.
"Our price consists of two services, decryption software and deleting all downloaded data from our servers," wrote the hacker’s support representative. "If you need both of them you have to pay 10,000,000$ in Bitcoins, before the timer on the main page will ends," they added.
During negotiations, the original ransom, posted at $10 million, was 'discounted' to $4.5 million, after the CFO promised to pay immediately.
After what could only be described as a fairly cordial ransacking, the hackers even went as far as to provide tips on how to avoid being targeted in the future.