The Federal Bureau of Investigation (FBI) has arrested a Russian man for trying to recruit an employee of a Nevada-based firm to install malicious software inside the company.
According to the Department of Justice, a 27-year-old Russian citizen, Egor Igorevich Kriuchkov, was arrested on Saturday 22 August.
The criminal was charged on Monday 24 August with the offense of conspiracy to intentionally cause harm to a protected computer. As per FBI complaint, Kriuchkov specifically traveled to the US and stayed in a hotel located in Sparks, northern Nevada, to meet with the employee (identified as CHSI in the complaint) back in late July.
The High-tech Ransomware Trade Secret
The Russian man promised to pay as much as $1 million to the employee with the intention of stealing data from the company and then demand a hefty ransom to be paid in order to unlock the systems. The scheme was expected to fetch $4 million from the victim company.
Kriuchkov entered the US on 28 July, two weeks after initially contacting the employee via WhatsApp through an introduction from a mutual acquaintance. He then met with the employee several times, paying for entertainment and dinner expenses. On 2 and 3 August, Kriuchkov and the employee traveled to Lake Tahoe and Zion National Park, where Kriuchkov paid all expenses while trying to avoid any CCTV and photographs.
Kriuchkov revealed his true reason later on 3 August. He said that he worked for a group that specializes in extorting companies. He explained that the group pays employees to install malware on their employer’s servers.
Kriuchkov initially offered to pay the employee $500,000 through cash or Bitcoin. But he then agreed to pay $1 million after the employee demanded more.
But the Justice Department’s complaint mentioned that the employee did a remarkable job by secretly working with the FBI to gather evidence against Kriuchkov. The FBI gathered evidence against Kriuchkov by monitoring his meetings with the employee.
Kriuchkov agreed to make an upfront payment of about 1 BTC and even assisted the employee in setting up a Bitcoin wallet through Tor anonymous browser so that wallet would be untraceable.
According to the FBI’s complaint, Kriuchkov explained that the group has carried out such special projects successfully on several occasions. He went ahead and identified some of the targeted companies.
Kriuchkov informed the employee that the malware was designed to first create a ruse through a DDOS (distributed-denial-of-service) to disrupt the victim’s corporate network. But the malicious attack would steal the company’s databases and send it to the group that Kriuchkov was working for.
According to FBI complaint, Kriuchkov eased the employee’s concern from getting caught up by saying that the oldest project that the group had worked on happened three and a half years ago, and the group’s insider still worked for the company.
Kriuchkov met with the employee for the final time on 21 August. He informed the employee that the plan has been delayed as his group was finalizing on another project that was regarded to provide a huge payout. He then told the employee that he was heading out of the US. However, the FBI caught up with him and arrested him the following day on 22 August before he left the country.
On Monday 24 August, he made his first appearance before a federal court where he was charged with the grave offense. Kriuchkov now faces a fine of $250,000 and a maximum sentence of 5 years in federal prison.
Tech Support Scams Continue Increasing in Complexity
The rise of tech support scams is a growing concern as scammers continue adopting new techniques to hide their malicious activities. The FBI complaint above is the latest incidence showing how scammers are working to encrypt user data and take over computers as a means of digital extortion. In 2019, The FBI’s Internet Crime Complaint Center obtained 2,047 ransomware complaints from victims in the US, resulting in losses of about $8.9 million. The figure is a sharp increase from the $3.6 million in reported losses in 2018.