According to a complaint shared by the Department of Justice, in July, Egor Igorevich Kriuchkov traveled to the US and contacted a Russian speaking, non-US citizen who was working at the Tesla Gigafactory in Sparks, Nevada. After meeting with that individual, Kriuchkov allegedly proposed a deal. He would pay the employee $1 million to deliver malware to computer systems at the Gigafactory. Kriuchkov and his associates allegedly planned to extract data from the network and threaten to make it public if Tesla didn’t pay a ransom.
The employee immediately informed Tesla, and the company contacted the FBI, which launched a sting operation. Agents arrested Kriuchkov in Los Angeles as he was attempting to leave the US.
As Electrek points out, during the sting operation, FBI agents obtained info about previous attacks led by Kriuchkov’s associates. They didn’t confirm which companies were impacted, but a similar ransomware attack was carried out against CWT Group in July. That company paid a $4.5 million ransom. Tesla could have been in a similar situation if its employee had not acted quickly or thought to inform the company.
Earlier this month, the cruise company Carnival and Garmin revealed that they suffered ransomware attacks. Travelex recently paid $2.3 million to resolve a ransomware attack, and of course, multiple cities -- Atlanta, Baltimore and New Orleans -- have been hit by similar cybercrimes. Dentist offices and DSLR cameras are not immune either.
Update: In a tweet, CEO Elon Musk confirmed the incident, saying “This was a serious attack.”
Much appreciated. This was a serious attack.— Elon Musk (@elonmusk) August 27, 2020