US seizes more than half of ransom paid after Colonial Pipeline hack

‘Today we turned the tables on DarkSide’: Justice Department claws back more than half of $4.4million ransom paid to hacker group in Colonial Pipeline cyberattack

  • Justice Department announced Monday it has recovered 63.7 bitcoin ransom, which equals about $2.3million, after cyberattack on Colonial Pipeline 
  • Russia-based hacker group called DarkSide broke into Colonial Pipeline’s computer system in May and caused the company to shut down its operations
  • Hack was followed by widespread fuel shortages and panic buying in several states on the East Coast
  • Colonial Pipeline paid hackers 75 bitcoin, which equals about $4.4million
  • DOJ’s ransomware task force tracked transfers of cryptocurrency and identified that 63.7 bitcoins had been transferred to a specific address
  • FBI holds the ‘private key,’ the secret roughly equivalent to a password, needed to move the funds held at that specific bitcoin address

The Justice Department announced on Monday it has seized more than half of the $4.4million ransom payment made to DarkSide hackers after a cyberattack that forced Colonial Pipeline to halt its operations last month, causing fuel shortages and panic buying at the pump.

The operation to recover the cryptocurrency from the Russia-based hacker group is the first undertaken by a specialized ransomware task force created by the Biden administration Justice Department, and reflects what US officials say is an increasingly aggressive approach to deal with a ransomware threat that in the last month has targeted critical industries around the world.

‘Today, we turned the tables on DarkSide,’ Deputy Attorney General Lisa Monaco said Monday at a news conference announcing the operation. ‘By going after an entire ecosystem that fuels ransomware and digital currency, we will continue to use all of our tools and all of our resources to increase the costs and the consequences of ransomware attacks and other cyber-enabled attacks.’ 

Deputy Attorney General Lisa Monaco announces on Monday the recovery of millions of dollars worth of cryptocurrency from the Colonial Pipeline ransomware attacks in May

A Russia-based hacker group called DarkSide broke into Colonial Pipeline’s computer system and caused the company to shut down its operations, causing fuel shortages

Georgia-based Colonial Pipeline, the nation’s largest pipeline that supplies roughly half the fuel consumed on the East Coast, temporarily shut down its operations on May 7 after a gang of criminal hackers known as DarkSide broke into its computer system.

The hack caused a shutdown lasting several days, leading to a spike in gas prices and fuel shortages in some states on the East Coast. It posed a major political challenge for President Joe Biden as the US economy was starting to recover from the COVID-19 pandemic. 

Colonial officials have said they took their pipeline system offline before the attack could spread to its operating system, and decided to pay a 75 bitcoin ransom, which equals about $4.4million, in hopes of bringing the pipeline back online as soon as possible.

A sign is seen as Exxon station is out of gas on May 15 after a cyberattack crippled the biggest fuel pipeline in the country

The cyberattack caused panic buying in several states on the East Coast that were affected by the shutdown of the nation’s largest fuel pipeline  

According to a press release from the DOJ, by reviewing the bitcoin public ledger, law enforcement officials were able to track multiple transfers of cryptocurrency and identify that approximately 63.7 bitcoins, the proceeds of the ransom payment, had been transferred to a specific address. The FBI holds the ‘private key’ for that address, the secret roughly equivalent to a password that is needed to move the funds held there.

The 63.7 bitcoin clawed back by the Justice Department is currently valued at about $2.3million.

Bitcoin’s value has dropped in recent weeks, trading at around $36,000 on Monday after hitting $63,000 in April. 

‘The extortionists will never see this money,’ said Stephanie Hinds, the acting US attorney for the Northern District of California, where the seizure warrant was filed. 

Colonial Pipeline paid DarkSide a 75 bitcoin ransom, which equals about $4.4million to bring its operations back online 

The FBI generally discourages the payment of ransom, fearing it could encourage additional hacks. Monaco said the takeaway for the private sector is that if companies come quickly to law enforcement, officials may be able to conduct similar seizures in the future. 

The White House urged corporate executives and business leaders last week to step up security measures to protect against ransomware attacks after the Colonial hack and later intrusions that disrupted operations at a major meatpacking company.

Commerce Secretary Gina Raimondo said on Sunday the Biden administration was looking at all options to defend against ransomware attacks and that the topic would be on the agenda when President Joe Biden meets with Russian President Vladimir Putin this month.