U.S. recovers $2.3 million in bitcoin paid in the Colonial Pipeline ransom


A sign warns consumers on the avaliability of gasoline at a RaceTrac gas station on May 11, 2021, in Smyrna, Georgia.

Elijah Nouvelage | AFP | Getty Images

WASHINGTON – U.S. law enforcement officials said Monday they were able to recover $2.3 million in bitcoin paid to a criminal cybergroup involved in the crippling ransomware attack on Colonial Pipeline.

“Today we turned the tables on DarkSide,” said Lisa Monaco, Department of Justice deputy attorney general, adding that the government seized the money by court order.

Last month a criminal cybergroup known as DarkSide launched a sweeping ransomware assault on Colonial Pipeline. The cyberattack forced the company to shut down approximately 5,500 miles of American fuel pipeline, leading to a disruption of nearly half of the East Coast fuel supply and causing gasoline shortages in the Southeast.

Ransomware attacks involve malware that encrypts files on a device or network that results in the system becoming inoperable. Criminals behind these types of cyberattacks typically demand a ransom in exchange for the release of data.

Colonial Pipeline paid nearly $5 million ransom to the hackers, one source familiar with the situation confirmed to CNBC. It was not immediately clear when the transaction took place.

The FBI has previously warned victims of ransomware attacks that paying a ransom could encourage further malicious activity.

After the attack by DarkSide, President Joe Biden told reporters that the U.S. did not currently have intelligence linking the group’s ransomware attack to the Russian government. Although, the assault is believed to have originated from a criminal organization in Russia. 

“So far there is no evidence from our intelligence people that Russia is involved although there is evidence that the actor’s ransomware is in Russia, they have some responsibility to deal with this,” Biden said on May 10. He added that he would discuss the situation with Russian President Vladimir Putin.

The two leaders are slated to meet in Geneva on June 16.

The Kremlin has denied claims that it has launched cyberattacks against the United States.

“The President’s message will be that responsible states do not harbor ransomware criminals, and responsible countries must take decisive action against these ransomware networks,” White House press secretary Jen Psaki told reporters in advance of the summit.

But the Biden administration is also putting pressure on the private sector to shore up its defenses against ransomware.

“All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” wrote Anne Neuberger, deputy national security advisor for cyber and emerging technology, in a June 2 memo.

“To understand your risk, business executives should immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations,” she added.

The White House is also facing questions about how it plans to modernize cybersecurity protocols and banking laws to respond to cryptocurrency, and its growing role in financial crimes from ransomware to corruption.

The role of cryptocurrency in illicit financing like ransom payment has also drawn the attention of lawmakers on Capitol Hill. 

“We have a lot of cash requirements in our country, but we haven’t figured out, in the country or in the world, how to trace cryptocurrency,” Missouri GOP Sen. Roy Blunt said Sunday on NBC’s Meet the Press. 

“You can’t trace the ransomware — the ransom payment of choice now. And we’ve got to do a better job here,” he added.



Source link