Russian Pleads Guilty to Tesla Ransomware Plot

He offered a Tesla employee $1 million to cripple the electric car company’s massive electric battery plant in Nevada.

In this Oct. 13, 2018, file photo, a sign marks the entrance to the Tesla Gigafactory in Sparks, Nev. A Russian citizen has pleaded guilty to offering a Tesla employee $1 million to get malware into the electric car company's plant in Nevada and enable a ransomware attack. Attorneys representing Egor Igorevich Kriuchkov did not immediately respond Friday, March 19, 2021, to messages about his Thursday plea in U.S. District Court in Reno.
In this Oct. 13, 2018, file photo, a sign marks the entrance to the Tesla Gigafactory in Sparks, Nev. A Russian citizen has pleaded guilty to offering a Tesla employee $1 million to get malware into the electric car company's plant in Nevada and enable a ransomware attack. Attorneys representing Egor Igorevich Kriuchkov did not immediately respond Friday, March 19, 2021, to messages about his Thursday plea in U.S. District Court in Reno.
AP Photo/John Locher, File

RENO, Nev. (AP) — A Russian man has pleaded guilty in the U.S. to offering a Tesla employee $1 million to cripple the electric car company’s massive electric battery plant in Nevada with ransomware and steal company secrets for extortion, prosecutors and court records said.

In a case that cybersecurity experts called exceptional for the risks he took, Egor Igorevich Kriuchkov pleaded guilty Thursday in U.S. District Court in Reno. His court-appointed federal public defender, Chris Frey, declined Friday to comment.

Prosecutors alleged that Kriuchkov acted on behalf of co-conspirators abroad and attempted to use face-to-face bribery to recruit an insider to physically plant ransomware, which scrambles data on targeted networks and can only be unlocked with a software key provided by the attackers. Typically, ransomware gangs operating from safe havens hack into victim networks over the internet and download data before activating the ransomware.

“The fact that such a risk was taken could, perhaps, suggest that this was an intelligence operation aimed at obtaining information rather than an extortion operation aimed at obtaining money,” said Brett Callow, a cybersecurity analyst at anti-virus software company Emsisoft.

“It’s also possible that the criminals thought the gamble was worth it and decided to roll the dice,” Callow said.

Charles Carmakal, chief technical officer at cybersecurity firm FireEye, agreed. “You could have potentially done it from thousands of miles away without risking any asset,” he said.

The FBI said the plot was stopped before any damage happened.

Kriuchkov, 27, told a judge in September that he knew the Russian government was aware of his case. But prosecutors and the FBI have not alleged ties to the Kremlin. Kriuchkov is in federal custody at the Washoe County jail in Reno.

His guilty plea to conspiracy to intentionally cause damage to a protected computer could have gotten him up to five years in prison and a $250,000 fine. But he's expected to face no more than 10 months under terms of his written plea agreement.

He already has been in custody for seven months, since his arrest in August in Los Angeles. Federal authorities said he had been heading to an airport to fly out of the country.

“The swift response of the company and the FBI prevented a major exfiltration of the victim company’s data and stopped the extortion scheme at its inception,” Acting Assistant Attorney General Nicholas McQuaid said in a statement. “This case highlights the importance of companies coming forward to law enforcement, and the positive results when they do so.”

Tesla CEO Elon Musk has acknowledged his company was the target of what he termed a serious effort to collect company secrets. Tesla has a massive factory near Reno that makes batteries for electric vehicles and energy storage units. Company representatives did not immediately respond Friday to messages.

Court documents say Kriuchkov was in the United States for more than five weeks last July and August on a Russian passport and a tourist visa when he tried to recruit an employee of what was identified as “Company A” to install software enabling a computer hack.

The employee, who was no identified, was to receive payments in the digital cryptocurrency Bitcoin.

No other suspected co-conspirators were charged in the case. Some were identified in a criminal complaint by nicknames including Kisa and Pasha, and a person is identified as Sasha Skarobogatov.

Some meetings were monitored and recorded by the FBI, according to court documents. It was not clear from court records if money changed hands.

In court documents, Kriuchkov was quoted saying the inside job would be camouflaged with a distributed denial of service attack on plant computers from outside. Such attacks overwhelm servers with junk traffic. If Tesla didn’t pay, the purloined data would be dumped on the open internet.

The documents also said Kriuchkov claimed to the prospective recruit that he had executed similar “special projects” on other companies on multiple occasions, with one victim supposedly surrendering a $4 million ransom payment.

More in Operations