A Russian national was charged with allegedly offering a person US$1 million in exchange for infecting their employer's network with malware.
Federal prosecutors said Egor Igorevich Kriuchkov, 27, met with the unnamed employee several times to trick him into installing malware that would exfiltrate data from the unidentified Nevada-based company. The group behind the attack would then allegedly charge $4 million in exchange for the information.
A criminal complaint unsealed on Tuesday stated that the malware was specifically designed to be distributed across the company's network. Prosecutors stated that the employee would need to provide information about the employer's network permissions and network procedures for this to work. According to the complaint, Kriuchkov said the malware could be transferred either by plugging a USB drive into a company computer or by clicking on an email attachment containing malware.
The defendant allegedly said that the computer used to introduce the malware had to run for six to eight hours continuously for the malware to move completely through the network. To distract network personnel, a first stage of the malware carried out a denial-of-service attack, while a second stage carried out data exfiltration.
"The purpose of the conspiracy was to recruit a company employee who would clandestinely transfer malware provided by the co-conspirators into the company's computer system, filter data from the company network, and threaten to disclose the data online unless that Company has paid the cost of ransom demand from the co-conspirators," the prosecutor wrote in the complaint.
Attempts to contact Kriuchkov's lawyer were not immediately successful. The defendant was arrested over the weekend and appeared in court for the first time on Tuesday. It was not immediately known whether he had entered a plea. A judge ordered Kriuchkov's detention.
The allegations paint the picture of a ransomware operation that encrypts all of a company's data and demands a high payment in return for the decryption key. Often it is cheaper for the company to pay the fee than to suffer downtime that lasts days or weeks while administrators rebuild networks.
To diversify sources of income, ransomware operators have recently begun selling stolen data to the general public or demanding additional payment from victims in exchange for a promise not to make the data public.
However, no ransomware is mentioned in the complaint.