The U.S. Federal Bureau of Investigation (FBI) foiled a cyberattack plot after arresting a Russian national, Egor Igorevich Kriuchkov. The accused offered a $1 million bribe to an employee of a Nevada company in exchange for planting malware.

Kriuchkov met with the employee and then drove overnight from Reno to Los Angeles to fly out of the country. But the FBI arrested the 27-year-old and presented him before a federal court in Los Angeles on Monday, charging him with one count of conspiracy to intentionally cause damage to a protected computer. Kriuchkov was sent to detention pending trial.

Modus Operandi

Kriuchkov contacted the unnamed employee on July 16 on WhatsApp through a mutual acquaintance. As per documents filed in U.S. District Court in Reno, he then traveled from Russia on a tourist visa to meet the employee on a trip to Lake Tahoe. After meeting the employee, he revealed that he worked for a group that specialized in extorting companies. Kriuchkov also provided him with a burner phone (prepaid cellphone) and asked him to keep it on airplane mode until the money was transferred.

With the employee's help, Kriuchkov wanted to plant malware (or ransomware) in the unnamed Nevada-based company to raise around $4 million. "Kriuchkov went on to explain that the 'group' pays employees of target companies to introduce malware into the target company's computer system," the FBI said in its complaint.

"Kriuchkov said the 'group' has performed these 'special projects' successfully on multiple occasions and identified some of the targeted companies," the agency added.

Ransomware Attack

Had the employee agreed to help Kriuchkov, the group he worked for would have planted malware on the employee's corporate computer that would have disrupted the company's network with a DDoS (distributed denial of service) attack. Through a second attack, the group would then steal company data and threaten to make it public if they were not paid a ransom.

According to the FBI, Kriuchkov wanted to pay the employee $500,000 in Bitcoin or cash, but when the employee did not agree, the Russian doubled the amount to $1 million. "To ease the victim employees' concerns about getting caught, Kriuchkov claimed the oldest 'project' the 'group' had worked on took place three and a half years ago and the 'group's' co-optee still worked for the company," the FBI's complaint added.

But the FBI foiled the plot in time to protect the company from the cyberattack. The agency also arrested two other associates of Kriuchkov. One of them was identified as Sasha Skarobogatov, whose name was mentioned in another failed attempt to target a company.

Connection with Russian Govt

It was not revealed whether Kriuchkov had any connection with the Russian government, but according to the FBI, he worked with a hacker who was a "high-level employee of a government bank in Russia."

Kriuchkov wanted to get the job done earlier this month, but the group decided to delay the project. The FBI managed to gather evidence during that time through surveillance of his meeting with the employee. If proven guilty, the Russian will face a five-year prison sentence and a $250,000 fine.

Similar Plot Foiled

In December 2019, two Russians, Maksim Yakubets and Igor Turashev, were charged over similar attacks. The duo planted malware in 11 U.S. states and pocketed over $3 million in ransom. The cyberattacks involved a bank, companies and a school district in Pennsylvania. They also targeted a natural gas company and a lumber company in Chicago.

Yakubets was associated with the Russian intelligence agency Federal Security Service (FSB) and led the cyberattack operations while Turashev was his assistant. However, both are still at large as their whereabouts remain unknown to the FBI.

In recent times, the U.S., U.K. and Canada have accused Russia of targeting coronavirus research data through sophisticated cyberattacks.