A Russian national has been criminally charged for allegedly offering $1 million to a person in return for them infecting their employer’s network with malware.
Federal prosecutors said that Egor Igorevich Kriuchkov, 27, met with the unnamed employee on multiple occasions to entice them to install malware that would exfiltrate data from the unidentified Nevada-based company. The group behind the attack allegedly would then demand $4 million in return for the information.
A criminal complaint unsealed on Tuesday said that the malware would be custom developed to propagate through the company’s network. For it to work, prosecutors alleged, the group said it needed the employee to provide information about the employer’s network authorizations and network procedures. Kriuchkov said the malware could be transmitted either by inserting a USB drive into a company computer or clicking on an email attachment containing malware, Tuesday’s criminal complaint said.
The defendant allegedly said the infecting computer would have to run continuously for six to eight hours for the malware to move fully through the network. To distract network personnel, a first stage of the malware would perform a denial of service attack while a second stage performed the data exfiltration.
“The purpose of the conspiracy was to recruit an employee of a company to surreptitiously transmit malware provided by the coconspirators into the company’s computer system, exfiltrate data from the company’s network, and threaten to disclose the data online unless the company paid the coconspirators’ ransom demand,” prosecutors wrote in the complaint.
Attempts to reach Kriuchkov’s attorney weren’t immediately successful. The defendant was arrested over the weekend and made his initial court appearance on Tuesday. It wasn’t immediately known if he entered a plea. A magistrate judge ordered that Kriuchkov be detained.
The allegations paint the picture of a ransomware operation, which encrypts all of a company’s data and demands a hefty payment in return for the decryption key. Often, it’s less expensive for the company to pay the fee than to undergo outages that last days or weeks while administrators rebuild networks.
To diversify revenue streams, ransomware operators more recently have begun selling stolen data to the general public or requiring an additional payment from victims in return for a pinky swear not to make the data public.
The complaint, however, makes no mention of ransomware.