U.S. Reportedly Recovers Millions in Cryptocurrency Paid to Colonial Pipeline Hackers

Remigio Civitarese
June 8, 2021

DarkSide, the cybercrime syndicate behind the attack, has since disbanded, but not before stealing almost 100 gigabytes of data from Colonial Pipeline in a double-extortion scheme, forcing the company to pay a $4.4 million ransom shortly after the hack in order to avoid disclosure of sensitive information.

"The Department of Justice has found and recaptured the majority of the ransom Colonial paid to the DarkSide network in the wake of last month's ransomware attack," Lisa Monaco, U.S. deputy attorney general, said during a press conference.

Because of the declining value of Bitcoin since the ransom was paid, the US seizure in late May amounted to $2.3 million, just over half the $4.4 million paid weeks earlier after the ransom was demanded.

"Today we turned the tables on DarkSide," Monaco pronounced. "This was an attack against some of our most critical infrastructure."

The entrance of Colonial Pipeline Co. in Charlotte, N.C. The company was the victim of a ransomware attack last month.

Colonial transports approximately 45% of all fuel consumed on the East Coast.

Monaco cautioned that the U.S. Department of Justice might not always be able to recover the funds if victims of an attack opt to pay the ransom. "I didn't make it lightly."

Ransomware attacks - in which hackers encrypt a victim organization's data and demand a hefty sum for returning the information - have flourished across the globe.

U.S. officials say they are dealing with the threat of computer attacks aggressively. Nicholas Weaver, a lecturer in the computer science department at the University of California, Berkeley, said the most likely explanation is that law enforcement agents seized money from a specific DarkSide affiliate responsible for giving the crime gang its initial access to Colonial's systems.

The bureau has been investigating DarkSide, a Russia-based criminal group, since last year, but he said it is only one of hundreds of groups the FBI is looking into.

The action signals US law enforcement's ability, in some cases at least, to track cryptocurrency, identify digital wallets and seize funds, a potentially powerful tool in combating ransomware attacks in particular.

"The old adage 'follow the money' still applies," Monaco, the deputy attorney general, said.

"When Colonial was attacked on May 7, we quietly and quickly contacted the local Federal Bureau of Investigation field offices in Atlanta and San Francisco, and prosecutors in Northern California and Washington, D.C., to share with them what we knew at that time," Colonial Pipeline's Blount said in a statement on Monday.

"Today, the Department of Justice is announcing a significant development in the ransomware attack on the Colonial Pipeline."

A public-private task force including Microsoft and Amazon made similar suggestions in an 81-page report that called for intelligence agencies and the Pentagon's U.S. Cyber Command to work with other agencies to "prioritize ransomware disruption operations".

Reiner said those limits do not mean the United States cannot still make progress against ransomware, comparing it with America's ability to degrade the terrorist group al-Qaida while not capturing its leader, Ayman al-Zawahiri, who took over after U.S. troops killed Osama bin Laden. The average such payment topped $300,000. Cybercriminals have also increasingly begun to operate within the borders of U.S. adversaries, particularly Russia.

The Biden administration is under increasing pressure to do something about the epidemic of ransomware attacks. Biden said he will discuss ransomware attacks this week with U.S. allies during a European trip, and bring up the subject during a June 16 meeting with Russian President Vladimir Putin. He said at a recent meeting that he believes the U.S. will be "bringing the weight of our nation", including the Defense Department, "to take down this (ransomware) infrastructure outside the United States". Justice Department officials could not say how many other ransoms they have recovered.

"This is a big deal," said Scott Jasper, a lecturer at the Naval Postgraduate School and author of "Russian Cyber Operations: Coding the Boundaries of Conflict". For example, DarkSide, the group responsible for the fuel pipeline attack, lends its ransomware software to partners who carry out attacks for a price.
