The Department of Justice has recovered about $2.3 million in Bitcoin that was paid as ransom to the hackers who attacked Colonial Pipeline. The ransomware attack shut down the East Coast pipeline last month.
The East Coast pipeline operator paid a $4.4 million ransom to Darkside, a Russia-based cybercriminal group, to regain access to its information.
“Following the money remains one of the most basic, yet powerful, tools we have,” Lisa Monaco, Deputy Attorney General, said. “Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises.”
The US Attorney’s Office for the Northern District of California issued the seizure warrant.
“The extortionist will never see this money,” Stephanie Hinds, acting US Attorney for the Northern District of California, said during a news conference at the Justice Department. “New financial technologies that attempt to anonymize payments will not provide a curtain from behind which criminals will be permitted to pick the pockets of hardworking Americans.”
Joseph Blount, Colonial Pipeline CEO, told The Wall Street Journal that he didn’t know the extent of the damage done by the hackers or how long it would take to rectify.
“When Colonial was attacked on May 7, we quietly and quickly contacted the local FBI field offices in Atlanta and San Francisco, and prosecutors in Northern California and Washington D.C. to share with them what we knew at that time. The Department of Justice and FBI were instrumental in helping us to understand the threat actor and their tactics. Their efforts to hold these criminals accountable and bring them to justice are commendable,” Blount said.
FBI Director Christopher Wray told The Wall Street Journal that the collaboration between law officials and ransomware victims could yield positive results.
“I don’t want to suggest that this is the norm, but there have been instances where we’ve even been able to work with our partners to identify the encryption keys, which then would enable a company to actually unblock their data — even without paying the ransom,” Wray said.
The United States government has vowed to prioritize cyber threats on the same level as terrorism.
“It will take improved defenses, breaking up the profitability of ransomware and directed action on the attackers to make this stop,” a source familiar with the Colonial investigation said.
“Individual companies feel under pressure – particularly if they haven’t done the cybersecurity work – to pay off the ransom and move on,” Anne Neuberger, Deputy National Security Advisor, said. “But in the long-term, that’s what drives the ongoing ransom [attacks]. The more folks get paid, the more it drives bigger and bigger ransom and more and more potential disruption.”
Cyber attackers are demanding payment in cryptocurrency.
“In the Bitcoin era, laundering money is something that any nerd can do. You don’t need a big organized crime apparatus anymore,” Alex Stamos, former Facebook chief security officer and co-founder of Krebs Stamos Group, said.
Ransomware is malicious software that disables systems and seizes control of a computer until a fee is paid.
“We must enhance and centralize our internal tracking of investigations and prosecutions of ransomware groups and the infrastructure and networks that allow these threats to persist,” Monaco said.
The Department of Justice files internal reports for all ransomware attacks.
“Even as we speak, there are thousands of attacks on all aspects of the energy sector and the private sector generally… it’s happening all the time,” Jennifer Granholm, Energy Secretary, said.