USA recovers half of ransom paid to pipeline hackers

Joanna Estrada
June 8, 2021

The United States has reportedly recovered millions in cryptocurrency paid to hackers behind the Colonial Pipeline ransomware attack.

US officials said Monday that they seized about 63.7 Bitcoin traced to recipients of a 75-Bitcoin ransom paid by Colonial soon after the early May attack that shut down the nation's largest gas pipeline and caused fuel shortages across the east coast just ahead of the Memorial Day weekend.

"Today, we deprived a cybercriminal enterprise of the object of their activity, their financial proceeds and funding", FBI Deputy Director Paul Abbate said during a press conference Monday. "[...] By going after the entire ecosystem that fuels ransomware and digital extortion attacks, including criminal proceeds in the form of digital currency, we will continue to use all of our tools and all of our resources to increase the cost and the consequences of ransomware attacks".

The VPN login - which didn't have multi-factor protections on - was unused but active at the time of the attack, the report said, adding the password has since been discovered inside a batch of leaked passwords on the dark web, suggesting that an employee of the company may have reused the same password on another account that was previously breached. President Joe Biden intends to confront Russia's leader, Vladimir Putin, about Moscow's harboring of ransomware criminals when the two men meet in Europe later this month. To date, no one behind the Colonial Pipeline attack has been publicly indicted, and the hackers still made off with a small portion of the ransom.

The ransomware business has evolved into a highly compartmentalized racket, with labor divided among the provider of the software that locks data, ransom negotiators, hackers who break into targeted networks, hackers skilled at moving undetected through those systems and exfiltrating sensitive data - and even call centers in India employed to threaten people whose data was stolen to pressure for extortion payments.

Colonial transports approximately 45% of all fuel consumed on the East Coast. The company was up and running within days, but the slowdown meant delays still remained in the aftermath of the attack.

In May, the company admitted it paid million ransom in Bitcoin cryptocurrency.

"We needed to do everything in our power to restart the system quickly and safely".

Reiner said those limits do not mean the United States cannot still make progress against ransomware, comparing it with America's ability to degrade the terrorist group al-Qaida while not capturing its leader, Ayman al-Zawahiri, who took over after US troops killed Osama bin Laden. "This decision was not made lightly, however, one that had to be made". The 63.7 bitcoin ransom - a favored currency of hackers because of the perception that it is harder to trace - is now valued at $2.3 million.

News of the seizure was first reported by CNN.

The bureau has been investigating DarkSide since a year ago, Abbate said, and has identified more than 90 victims of its ransomware in manufacturing, legal, insurance and healthcare industries. In an affidavit (pdf) supporting the warrant application, authorities said they reviewed bitcoin's public ledger and pinpointed the transfer of the ransom to a specific address.

"In this heightened threat landscape, we all have a role to play in keeping our nation safe". No organization is immune.

The development comes amid an explosion of ransomware attacks in recent months, including that of Brazilian meat processing company JBS last week by Russia-linked REvil group, underscoring a threat to critical infrastructure and introducing a new point of failure that has had a severe impact on consumer supply chains and day-to-day operations, leading to fuel shortages and delays in emergency health procedures. The FireEye-owned subsidiary is now assisting Colonial Pipeline with the incident response efforts following a ransomware attack on May 7 that led to the company halting its operations for almost a week.

The directive came from the Transportation Security Administration, an arm of DHS known for protecting the skies that also oversees pipeline security.
