Last month, the United States recovered most of the $ 4.4 million (£ 3.1 million) ransom paid to cybercriminals who took the Colonial Pipeline offline.
DarkSide, which said it was operating from Eastern Europe and perhaps Russia, broke into the pipeline last month, according to US officials.
The attack interrupted supply for several days, causing a fuel shortage.
According to the company, the pipeline carries 45% of East Coast diesel, gasoline and jet fuel.
On Monday, Deputy Attorney General Lisa Monaco said investigators “discovered and regained” $ 2.3 million worth of 63.7 Bitcoins-the “most” of the ransom paid. After the ransom was paid. , The value of Bitcoin has fallen sharply.
In the past, the US government has recommended not paying criminals for ransomware attacks in case a company invites further hacks in the future.
Since then, we have urged companies to strengthen their security measures against such ransomware attacks. Commerce Secretary Gina Raimondo said on Sunday that President Biden would raise the issue of such an attack with Russian President Vladimir Putin at a meeting scheduled this month.
Colonial Pipeline went offline on Friday, May 7, after a cyberattack.
In a statement, Colonial Pipeline Company CEO Joseph Braunt said he was grateful to the FBI for “quick work and professionalism” that helped collect the ransom.
“Bringing cybercriminals accountable and disrupting the ecosystem that enables them to operate is the best way to deter and defend against future attacks,” he added.
“A powerful message to hackers”
This is a major victory in America’s ongoing battle against the ransomware tragedy.
As far as I know, it’s the first time to steal a ransom, which shows how well the United States is going to stop cybercriminals.
This sends a powerful message to gangsters who have been operating in states like Russia for years without punishment.
Perhaps intentionally, the Justice Department is ambiguous about exactly how it was done.
All they say is that the “private key” of the criminal’s Bitcoin wallet is “owned by the FBI.”
Using this key, which is effectively a password, agents could easily log in and send digital coins to another wallet they manage.
The world of cybersecurity is bustling with rumors and theories about how passwords were obtained.
Perhaps the key was found on a confiscated server, given by an angry insider, or transferred from a partner company used as part of the criminal infrastructure.
Either way, it’s a big moment and it’s shocking.
After the May attack, Colonial paid for cryptocurrencies, and instead the company received a decryption tool that was able to unlock the system compromised by hackers. According to The Wall Street Journal..
Broto told the newspaper that he approved the payment on May 7, after consulting with experts who had previously dealt with the dark side.
He said, “Did not [that decision] “Lightly” but believed that “that’s the right thing to do for the country.”
Blount added that it would take months for some business systems to recover, and estimates that the attack would ultimately cost the company tens of millions of dollars.
At the time of the hack, DarkSide’s criminal organization confirmed the case in an official statement.
“Our goal is to make money, not to cause problems for society,” DarkSide wrote on the website.
“We don’t participate in geopolitics and we don’t have to look for our motives in connection with a defined government,” the group added.