The trial of eight alleged members of the ransomware gang linked to the 2021 Colonial Pipeline hack may not reach a satisfying verdict.
Given what we know of Russia's backing of numerous hacking groups, the idea of Russian criminal justice actually being applied to one of its own may seem far-fetched, but the trial of eight alleged members of the now-defunct REvil ransomware gang is finally nearing its end in St Petersburg.
However, while the trial has, in the words of Russian media outlet Izvestia, fallen "victim to geopolitics" since Russia's invasion of Ukraine and the United States' decision to stop assisting in the case, some interesting facts have emerged.
Most notably, an attempt to bribe a Tesla employee into planting malware at a Tesla facility.
According to Izvestia's reporting, which should be taken with a grain of salt given that the outlet is banned in the European Union as a propaganda organ of the Russian government, a witness in the case described a plan that formed in 2020, about a year before REvil assisted the DarkSide ransomware gang in its attack on Colonial Pipeline. It was the Colonial Pipeline attack that eventually triggered the international operation that led to the arrest of the gang's members.
Yegor Kryuchkov, who was arrested by the FBI soon after the attempt, testified that a figure close to REvil's leadership, Alexey Skorobogatov, asked him whether he had any friends at large companies outside Russia. Kryuchkov said he knew a Tesla engineer, and the plot was formed.
Skorobogatov convinced Kryuchkov to fly to the US, with Skorobogatov paying for the trip, and offer his friend, Dmitry Volkov, a US$500,000 bribe to introduce ransomware into Tesla's systems. The plan was then to stage a distributed denial-of-service (DDoS) attack as a distraction to cover the exfiltration of data. Kryuchkov said at the time that the gang had carried out many such insider attacks.
In his recent testimony, Kryuchkov said he asked the Tesla engineer either to introduce the malware himself or simply to open an email carrying a Trojan that would then deploy the malware for him.
Volkov, however, not only asked for double the money on offer, US$1 million, but also reported the plan to the FBI, which subsequently made an arrest. Kryuchkov spent 10 months in prison before being deported to Russia, where he has since testified in the REvil case.
Skorobogatov is not on trial.
Disappointingly, the case may end up going nowhere without US assistance. Because the US has not shared its evidence, the Colonial Pipeline hack and other ransomware crimes are not before the court at all. Instead, the eight alleged REvil members are charged with "illegal circulation of payment means committed by an organised group", a charge relating to earlier carding scams, that is, the theft and trafficking of bank card data.
Even on that charge the evidence is thin, again because of the US stance on sharing it, a stance likely connected to Russia's decision to try the eight in a military court on the grounds that one of the alleged hackers was serving in the military at the time of the alleged crimes.
Given that many REvil operators ended up working with Wagner's Yevgeny Prigozhin and were moved into other government positions after Prigozhin's demise, it would not be surprising if the same happened should the eight hackers go free.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.