Published: Tue, June 08, 2021

U.S. says majority of multimillion-dollar ransom payment to hackers recovered

Deputy Attorney General Lisa Monaco announces the recovery of millions of dollars worth of cryptocurrency from the Colonial Pipeline Co. ransomware attacks as she speaks with FBI Deputy Director Paul Abbate and acting U.S. Attorney for the Northern District of California Stephanie Hinds at the Justice Department in Washington.

The department said in a later statement that Colonial Pipeline had paid a ransom demand of about 75 bitcoins, and that it had recovered about 63.7 bitcoins, which are now valued at about $2.3 million.

Colonial Pipeline, which operates more than 8,000 kilometers of pipeline, paid a ransom estimated at $4.4 million, demanded by hackers from the Russian Federation, just hours after a cyber attack on its system. Press secretary Jen Psaki said Wednesday that "we're not going to take options off the table", but she did not elaborate.

Ransomware gangs can move around, do not need much infrastructure to operate and can shield their identities.

The White House urged corporate executives and business leaders last week to step up security measures to protect against ransomware attacks after the Colonial hack and later intrusions that disrupted operations at a major meatpacking company.

The Department of Justice seized almost 64 bitcoin, worth approximately $2.3 million.

The employee immediately notified a supervisor, who started the process of shutting down the pipeline to contain the threat. "I know that's a highly controversial decision", Blount told the newspaper.

Ransomware attacks - in which hackers encrypt a victim organization's data and demand a hefty sum for returning the information - have flourished across the globe.

The development, which was reported by Bloomberg on Friday, involved gaining an initial foothold in the networks as early as April 29 through the VPN account, which allowed employees to access the company's networks remotely. The ransomware software provider, DarkSide, would have gotten the other 15%. DarkSide's product is one of about 100 ransomware variants the FBI is investigating, Abbate said. DarkSide, which is developed by a Russian criminal group that licenses it out to less sophisticated hackers, has struck more than 90 U.S. critical infrastructure companies in sectors ranging from manufacturing and health care to energy and insurance, Abbate said.

Last month, hackers infiltrated Colonial Pipeline's computer network, which resulted in the massive shutdown of its pipeline. The DOJ also recently created a ransomware task force to marshal its resources against the problem.

Fighting ransomware requires the nonlethal equivalent of the "global war on terrorism" launched after the September 11 attacks, said John Riggi, a former Federal Bureau of Investigation agent and senior adviser for cybersecurity and risk for the American Hospital Association.

The average ransom paid in the U.S. has nearly tripled to more than $310,000 in the past year.

Cybersecurity experts and former federal prosecutors and agents blamed several trends for the spike. U.S. Cyber Command also has carried out offensive operations related to election security, including against Russian misinformation efforts during the U.S. midterm elections in 2018.

The Biden administration is under increasing pressure to do something about the epidemic of ransomware attacks. When the victim pays the ransom to free up the system, the affiliate keeps a majority of the payment, while DarkSide gets the rest.

Doss notes that, in the course of their surveillance, officials probably had search warrants that gave them access to the emails or other communications of one or more of the people who participated in the scheme. "The question is: Will this be big enough to change the behavior of DarkSide or of other cyber actors?" It's a slow game, a long-term game.