The US recovered part of the ransom paid by Colonial Pipeline to Russian hackers for the cyberattack on the pipeline.
The US Department of Justice indicated that about 2.3 million dollars were seized of the 4.4 million dollars paid by the company to the "Darkside" group on May 8.
The United States authorities have recovered part of the ransom paid by the Colonial Pipeline. This company operates the country's oil pipeline, which suffered a cyberattack by the Russian-based group "Darkside" in May.
The US Department of Justice announced this Monday in a statement that it has seized 63.7 bitcoins, whose approximate value is 2.3 million dollars, paid on May 8 to "Darkside."
Speaking at a news conference in Washington, U.S. Deputy Attorney General Lisa O'Monaco said that part of the ransom was seized by a new Justice Department task force set up to fight "digital blackmail and ransom" attacks. ۔ "This is the first operation of its kind by a working group," he said.
The Colonial company confirmed in mid-May the payment of a $ 4.4 million ransom to "Darkside." The hacking, perpetrated with "ransomware," occurred on May 7 and paralyzed one of the largest pipeline networks in the United States for several days, in addition to causing fuel supply problems in several states.
Through "ransomware," hackers block computer systems that are not released until companies or institutions pay a ransom to cybercriminals.
A source close to the colonial investigation said the attackers also stole the company's data for alleged extortion purposes. Sometimes stolen data is more valuable to ransom criminals than the benefit of paralyzing the network. Some victims are reluctant to publish their confidential information online.
Security experts said last May that the attack should alert key infrastructure operators, including power and water utilities and energy and transport companies, so as not to invest in promoting their safety. And let them fall into darkness—the danger of destruction.
The deputy director of the FBI, Paul Abbate, pointed out in the same press conference that the operation was aimed at "the bitcoin wallet" of "Darkside," used by the Russian pirates to collect the ransom.
"Since last year, we have been investigating a Russian-based criminal group, Darkside," he said.
After the cyberattack, "Darkside" stopped operating and explained to its affiliates that a "public" part of its infrastructure had been "altered" by an agency of the security forces that it did not specify, according to two US cybersecurity companies.
The group's head, Joseph Blount, admitted to authorizing the payment of a ransom of 75 bitcoins, equivalent to $ 4.4 million, to hackers after the May attack. Authorities were able to trace financial transfers and identify 63.7 of those bitcoins.
With the recent drop in the value of the virtual currency, the sum recovered by the Justice Department was $ 2.3 million.
Monaco hopes that the Colonial Pipeline example will encourage companies that have been victims of such attacks to quickly contact the authorities. Even if there are no "guarantees," "we can do what we have done today and deprive criminals of the benefits they expected," he said.
President Joe Biden issued an executive order requiring companies to report cybersecurity breaches. In addition, the Justice Department has asked the country's prosecutors to immediately communicate any information about this type of attack to a new specialized unit.
Colonial's network, some 5,500 miles long (about 8,851 kilometers), carries 45% of the eastern United States' fuel supplies.
The pipeline carries gasoline and other fuels from Texas to the northeast of the country. It was inspired by what the colonialists described as a "ransomware" attack. Hackers often encrypt information to block access to a computer system, paralyze a network, and then demand a large ransom to free the network.
Cyber extortion attempts in the US have grown over the past year, with attacks that forced delays in cancer treatment in hospitals, disrupted schooling, and paralyzed police and city governments.
Average ransoms paid in the US increased nearly threefold to more than $ 310,000 last year. The average downtime for victims of ransomware attacks is 21 days, according to the firm Coveware, which helps victims respond.