In Episode 8 of Know Your Adversary™, we detail an August 2020 investigation when a Russian gang member named Egor Igorevich Kriuchkov traveled to the United States to recruit an employee of a US-based manufacturing company and to install ransomware on the network via USB thumb drive. He offered the employee $500,000, and if the operation was successful, the Russian gang was going to extort the company for $5,000,000. 

Fortunately, the company prepared the employee for this type of scenario and reported Egor. A subsequent FBI investigation arrested Egor and deported him back to Moscow, since there was a minimal loss.

This investigation details the sophisticated roles and responsibilities of ransomware gangs, identifying them as having a unionized effort. More strikingly, the investigation points to a potentially growing trend of recruiting employees to deliver malware payloads instead of just conducting the infiltrations remotely. 

Our guest for this episode is Charles Finfrock, who was previously a security intelligence professional for the company.

Key Takeaways:

1. Ransomware gangs can and will travel  to the United States and recruit employees to deliver the payloads.
2. A training and awareness program should empower employees to act as a sensor network to provide tips for a potential malicious nation-state or gang recruitment. 
3. Mature security intelligence and investigations programs are critical to deter these attacks at scale. 
4. Partnership with federal law enforcement should be established before an attack occurs to help expedite response.