United States has recovered ransom payment made after pipeline hack

Colonial Pipeline paid about $4.4m in Bitcoin to DarkSide hackers

The warrant authorized seizure of 63.7 bitcoin, or $2.3 million at the current exchange rate.

"Today, we turned the tables on DarkSide by going after the entire ecosystem that fuels ransomware and digital extortion attacks, including criminal proceeds in the form of digital currency", Monaco said. "This was an attack against some of our most critical infrastructure".

Colonial Pipeline, based in the US state of Georgia, supplies nearly half the fuel used on the country's East Coast.

Monaco cautioned that the U.S. Department of Justice might not always be able to recover the funds if victims of an attack opt to pay the ransom. Colonial's CEO, Joseph Blount, later called paying the ransom "the right thing to do for the country" to enable pipeline operations to be restored. "This decision was not made lightly; however, it was one that had to be made. I will admit that I wasn't comfortable seeing money go out the door to people like this."

Ransomware operators typically trick unwitting employees into opening an email and clicking on a malicious attachment or link; the resulting malware spreads to the organisation's servers, encrypts their data and locks the systems until a ransom is paid.

"It is ONLY the Colonial Pipeline ransom, and it looks to be only the affiliate's take".

The task force was created as part of the government's response to an "epidemic" of ransomware attacks, which Monaco said have "increased in both scope and sophistication in the past year".

The private key for the Bitcoin address used by Darkside is now in the possession of the Federal Bureau of Investigation in the Northern District of California, according to an affidavit filed Monday to seize money from the Bitcoin wallet.

The bureau has been investigating DarkSide, a Russia-based criminal group, since last year, but officials said it is only one of hundreds of groups the FBI is looking into.

Because the server holding the wallet was located somewhere in Northern California, officials were able to seize it under the warrant.

"The old adage 'follow the money' still applies," Monaco, the deputy attorney general, said.

Worryingly, this trend of paying off criminal actors has also raised concerns that it sets an unsafe precedent, further emboldening attackers to single out critical infrastructure operators and putting those systems at risk.

The DoJ's announcement left open the question of how exactly it was able to recover a portion of the payment made by Colonial, which shut down its Houston to New England fuel pipeline for a week and prompted long lines, price hikes and gas shortages at filling stations across the nation. A task force of more than 60 experts from industry, government and nonprofits issued a report in April that called ransomware "a flourishing criminal industry that not only risks the personal and financial security of individuals, but also threatens national security and human life".

The report, published by the nonprofit Institute for Security and Technology, estimated that almost 2,400 governments, healthcare facilities and schools were victims of ransomware attacks last year. Ransom payments rose to $350 million last year, a 300% increase over 2019, the report said. The average such payment topped $300,000. U.S. Cyber Command has also carried out offensive operations related to election security, including against Russian misinformation efforts during the U.S. midterm elections in 2018.

The Biden administration is under increasing pressure to do something about the epidemic of ransomware attacks.

At the time of the attack, President Joe Biden said the hackers were based in Russia, but were not part of the Russian government. The Justice Department has launched a task force to better coordinate its approach to the crime wave.

Gen. Paul Nakasone, who leads U.S. Cyber Command and the National Security Agency, said at a recent symposium that he believes the U.S. will be "bringing the weight of our nation", including the Defense Department, "to take down this (ransomware) infrastructure outside the United States". Justice Department officials could not say how many other ransoms they have recovered. "Hosting support, apart from information 'at the request of law enforcement agencies,' does not provide any other information." "It's a slow game, a long-term game. It's too early to tell. This is a big enterprise."
