A Russian national was criminally charged with allegedly offering a person $1 million in exchange for infecting their employer's network with malware.
Prosecutors said 27-year-old Egor Igorevich Kriuchkov had met with the unnamed employee several times to trick him into installing malware that would exfiltrate data from the unidentified Nevada-based company. The group behind the attack would then allegedly demand $4 million in exchange for the information.
A criminal complaint, unsealed on Tuesday, stated that the malware was specifically designed to be distributed over corporate networks. Prosecutors stated that the employee would need to provide information about the employer's network permissions and network procedures for this to work. Kriuchkov said the malware could be transferred either by inserting a USB drive into a company computer or by clicking on an email attachment containing malware.
The defendant allegedly said the infected computer had to run continuously for six to eight hours for the malware to move completely through the network. To distract the network staff, a first stage of the malware would carry out a denial-of-service attack, while a second stage would carry out the data exfiltration.
"The purpose of the conspiracy was to recruit an employee of a company who would clandestinely transfer the malware provided by the co-conspirators into the company's computer system, filter data from the company network, and threaten to disclose the data online unless the company paid the co-conspirators' ransom demand," the prosecutor wrote in the complaint.
Attempts to reach Kriuchkov's lawyer were not immediately successful. The defendant was arrested over the weekend and appeared in court for the first time on Tuesday. It was not immediately known whether he had made a plea. A judge ordered Kriuchkov's detention.
The allegations paint a picture resembling a ransomware operation, which encrypts all of a company's data and demands a high payment in return for the decryption key. Often it is cheaper for the company to pay the fee than to suffer outages that last days or weeks while administrators rebuild networks.
To diversify sources of income, ransomware operators have recently begun selling stolen data to the general public or demanding additional payment from victims in exchange for a simple promise not to make the data public.
However, there is no mention of ransomware in the complaint.