U.S. recovered millions in cryptocurrency paid in ransom in Colonial pipeline hack

Colonial Pipeline paid about $4.4m in Bitcoin to DarkSide hackers

"The sophisticated use of technology to hold businesses and even whole cities hostage for profit is decidedly a 21st century challenge, but the old adage 'follow the money' still applies," said Lisa Monaco, President Biden's deputy attorney general, during a press conference on Monday afternoon.

The cyberattack was a significant one in the US because Colonial operates the largest refined-products pipeline in the country, which spans more than 5,500 miles and transports more than 100 million gallons, or 2.5 million barrels, of fuel a day to consumers from Houston to the New York Harbor.

FBI Director Christopher Wray told the Wall Street Journal that the agency is investigating almost 100 different types of ransomware, many of them traced back to the Russian Federation, and that the bureau is looking at ways to disrupt the criminal ecosystem that supports the ransomware industry. He compared the national security threat to the challenge posed by the September 11, 2001 terrorist attacks.

The report, published by the nonprofit Institute for Security and Technology, estimated that almost 2,400 governments, healthcare facilities and schools were victims of ransomware attacks last year. The FBI believes a group with ties to the Russian Federation, called DarkSide, carried out the attack on Colonial Pipeline.

"Holding cyber criminals accountable and disrupting the ecosystem that allows them to operate is the best way to deter and defend against future attacks", Blount said.

Monaco cautioned that the U.S. Department of Justice might not always be able to recover the funds if victims of an attack opt to pay the ransom.

Stealing back a ransom is, to my knowledge, a first and it shows how far the USA is willing to go to deter cyber-criminals.

The growing problems caused by these gangs raise a clear question: Why has the United States looked so powerless to protect its citizens from these kinds of criminals?

"As a private company, we don't have a political capability of shutting down the host countries that have these bad actors in them". The FBI has taken possession of the private key for this address, but the process by which it did so is unclear. The ledger does not contain information identifying who controls the wallet.

DarkSide operates under a ransomware-as-a-service model in which it provides the malware that a criminal affiliate can use to lock up data on a victim's computer system.

Either way, it's a big moment and it is sending shockwaves.


Mr Blount told the newspaper he authorised the payment on 7 May after discussions with experts who had previously dealt with DarkSide.

Reiner said those limits do not mean the United States cannot still make progress against ransomware, comparing it with America's ability to degrade the terrorist group al-Qaida while not capturing its leader, Ayman al-Zawahiri, who took over after US troops killed Osama bin Laden.

Fears over fuel shortages spurred some customers to panic buy petrol in the United States.

Update: Information from the Justice Department is trickling out, and it says the hackers were paid 75 bitcoin and the government was able to recover 63.7 of them.

At the time of the hack, the DarkSide criminal gang acknowledged the incident in a public statement.

"We do not participate in geopolitics, do not need to tie us with a defined government and look for our motives", the group added.
