The sign warns consumers about the availability of gasoline at the RaceTrac gas station on May 11, 2021 in Smyrna, Georgia.
Elijah Nouvelage AFP | Getty Images
WASHINGTON – U.S. law enforcement officials said Monday that they managed to recover $2.3 million in bitcoin paid to a criminal cyber group involved in a crippling ransomware attack on Colonial Pipeline.
“Today we turned the board on DarkSide,” Lisa Monaco, deputy attorney general at the Justice Department, said during a press briefing, adding that the money was seized by court order.
Speaking alongside Monaco, FBI Deputy Director Paul Abbate explained that agents were able to identify the virtual currency wallet that DarkSide hackers used to collect payment from Colonial Pipeline.
“Using law enforcement agencies, funds for the victims were seized from that wallet, which prevented DarkSide actors from using them,” Abbate said.
The Bitcoin wallet was hosted on a network located in Northern California, according to court documents. This probably made it easier for U.S. law enforcement agencies to recover the funds than it would have been if the wallet had been stored online abroad.
DarkSide operates under a “ransomware as a service” business model, meaning that its hackers develop and market ransomware tools and sell them to other criminal “affiliates” who then carry out attacks.
It is still unclear which DarkSide affiliates were behind the attack on Colonial Pipeline.
U.S. Deputy Attorney General Lisa Monaco announces the recovery of millions of dollars in cryptocurrency from the Colonial Pipeline Co. ransomware attack while speaking during a press conference with FBI Deputy Director Paul Abbate and Acting U.S. Attorney for the Northern District of California Stephanie Hinds at the Department of Justice in Washington, DC, June 7, 2021.
Jonathan Ernst | Reuters
Last month, DarkSide launched an extensive ransomware attack on Colonial Pipeline. The cyberattack forced the company to shut down approximately 5,500 miles of U.S. fuel pipeline, which cut off nearly half of the East Coast’s fuel supply and caused gasoline shortages in the Southeast.
Ransomware attacks involve malicious software that encrypts files on a device or network, leaving the system inoperable. The criminals behind these types of cyberattacks usually demand a ransom in exchange for releasing the data.
Colonial Pipeline paid the hackers nearly five million dollars in ransom, one source familiar with the situation confirmed to CNBC. It was not immediately clear when the transaction took place.
The FBI previously warned ransomware attack victims that paying a ransom could encourage further malicious activity.
The government has stopped advocating a total ban on ransomware payments, out of concern that it would have little impact on whether companies pay ransoms or simply discourage them from reporting attacks.
The public announcement is part of a broader effort to counter the long-standing reluctance of the private sector to report publicly on cyberattacks and to involve the government in its responses.
“The message here today is this [if you report the attack], we will bring all our tools that we will be able to endure to go in search of these criminal networks,” Monaco said.
Officials stressed the benefits that companies stand to gain by quickly reporting cyber breaches to the FBI.
“Reporting on victims can not only give us the information we need to have an immediate real impact on actors … but it can also prevent future damage,” Abbate said.
“The private sector must also play an equally important role and we must continue to take cyber threats seriously and invest accordingly to strengthen our defenses,” Colonial Pipeline CEO Joseph Blount said Monday night.
“As our investigation into this event continues, Colonial will continue to be transparent in sharing intelligence and insights with the FBI and other federal agencies,” he said.
After the DarkSide attack, President Joe Biden told reporters that the U.S. currently has no intelligence linking the ransomware group to the Russian government, although the attack is believed to have originated from a criminal organization in Russia.
“For now, there is no evidence from our informants that Russia is involved, although there is evidence that the actor’s ransomware is in Russia, they have a certain responsibility to deal with it,” Biden said on May 10. He added that he would discuss the situation with Russian President Vladimir Putin.
The two leaders are to meet in Geneva on June 16.
The Kremlin has denied launching cyber attacks on the United States.
“The president’s message will be that responsible states do not hide criminals’ purchasers, and responsible countries must take decisive action against these ransomware networks,” White House spokeswoman Jen Psaki told reporters before the summit.
The Biden administration is also putting pressure on the private sector to strengthen its defenses against ransomware.
“All organizations must recognize that no company is protected from ransomware attacks, regardless of size or location,” wrote Anne Neuberger, deputy national security adviser for cyber and emerging technology, in a letter dated June 2nd.
“To understand your risk, business executives should immediately convene their management teams to discuss the ransomware threat and review security postures and business continuity plans to ensure you have the ability to continue or resume operations quickly,” she added.
At the same time, the White House is struggling with ways to modernize cybersecurity protocols and banking laws to respond to cryptocurrency and its growing role in financial crime, from ransomware to corruption.
The prevalence of cryptocurrencies in crimes like ransomware attacks has also drawn the attention of lawmakers on Capitol Hill.
“We have a lot of monetary needs in our country, but we haven’t figured out, either in the country or in the world, how to track down cryptocurrencies,” Missouri GOP Sen. Roy Blunt said on Sunday on the NBC program “Meet the Press.”
“You can’t find ransomware now – a selected ransom payment. And we have to do a better job here,” he added.