US says it seized $2.3 million in bitcoin from ransom Colonial Pipeline paid to ‘Russia-based’ hackers
The US Department of Justice has managed to track down and recapture 63.7 bitcoin of the ransom from a wallet allegedly used by the hackers who extorted Colonial Pipeline. The ransomware attack had caused widespread gas shortages.
With cooperation from Colonial, the DOJ got a warrant in a federal court in California and successfully “found and recaptured the majority of the ransom” from a bitcoin wallet, Deputy Attorney General Lisa Monaco announced on Monday. It was the first seizure of this kind ever, she said.
Colonial’s CEO admitted last month the company had paid a ransom in cryptocurrency – estimated at $4.4 million at the time – and argued “it was the right thing to do for the country.”
Asked by reporters what may have happened to the other part of the ransom – estimated at $2 million – Monaco brushed off the question, circling back to her announcement that this was the first time ever that the DOJ’s Ransomware and Digital Extortion Task Force had seized a bitcoin ransomware payment.
Just because they were able to recover some of the funds this time, she cautioned, doesn’t mean they will be able to do so in every case. If a company chooses to ignore the FBI’s advice not to pay and pays a ransom anyway, it should come forward and work with law enforcement if it wants to get some of it back.
More info from the warrant here. So it looks like I was right. The FBI did not obtain the private keys. Instead, they took legal action against an exchange or some kind of custodial wallet that has servers in N California (Coinbase, lol?). These "hackers" were grossly incompetent pic.twitter.com/27YN3FMJUM
— Jordan Schachtel (@JordanSchachtel) June 7, 2021
FBI Deputy Director Paul Abbate described DarkSide, the alleged authors of the ransomware that was used in the attack, as a “Russia-based cybercrime group,” offering no evidence for the claim.
The cybersecurity company Elliptic announced on May 17 that it had tracked down 47 distinct cryptocurrency wallets used by DarkSide, which had processed at least $90 million worth of bitcoin before they were suddenly closed under pressure from US authorities. About 80% of the money was sent to criminal affiliates, with DarkSide keeping $15.5 million as payment for the ransomware they allegedly developed.
The pipeline that runs from Texas to New York supplies much of the southeastern US with fuel. Its weeklong shutdown in mid-May, due to the ransomware attack on its invoicing systems, left millions of Americans queuing up at gas stations. The Biden administration denied there was a shortage, while denouncing “hoarders” and price-gouging.
Hackers gained access to Colonial’s network through a single compromised password for a ‘legacy’ virtual private network (VPN) account that did not use multi-factor authentication, Charles Carmakal of the cybersecurity company Mandiant, which consulted on the breach, told Bloomberg News last week; the same password had turned up in a batch of leaked credentials on the dark web. Colonial confirmed that this particular VPN was not “routinely” used and that only a handful of employees had access to it.
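The two properties of that VPN account, password-only authentication and dormant "legacy" access, are exactly what a periodic access review should flag. The script below is an added example, not code from the article, Colonial or Mandiant; the account records, the 90-day dormancy threshold and the gateway names are constructed for illustration.

```python
"""Audit VPN accounts for single-factor authentication and dormant access.

Added example with constructed data. Each record stands in for what an
identity provider or VPN concentrator export would contain: who the account
is, which gateway it sits on, whether MFA is enforced, and when it last
authenticated successfully.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Assumption for the example: an account unused for more than this many days
# is treated as dormant and a candidate for disabling.
DORMANT_DAYS = 90


@dataclass
class VpnAccount:
    user: str
    gateway: str                 # VPN profile/concentrator the account is on
    mfa_enabled: bool            # False means password-only access
    last_login: Optional[date]   # None means no successful login on record
    enabled: bool = True


def audit(accounts: List[VpnAccount], today: date,
          dormant_days: int = DORMANT_DAYS) -> Dict[str, List[str]]:
    """Return user -> findings for every enabled account that is either
    password-only or has not authenticated within dormant_days.

    Disabled accounts are skipped: they cannot be used and would only add
    noise to the review.
    """
    findings: Dict[str, List[str]] = {}
    for acct in accounts:
        if not acct.enabled:
            continue
        issues = []
        if not acct.mfa_enabled:
            issues.append("password-only: enforce MFA or disable")
        if acct.last_login is None or (today - acct.last_login).days > dormant_days:
            issues.append(f"dormant > {dormant_days} days: disable unless re-justified")
        if issues:
            findings[acct.user] = issues
    return findings


# Constructed sample export (not real accounts). "bob" models the kind of
# account the article describes: a rarely used legacy profile with no MFA.
SAMPLE_TODAY = date(2021, 5, 7)
SAMPLE_ACCOUNTS = [
    VpnAccount("alice", "vpn-prod", True, date(2021, 5, 6)),
    VpnAccount("bob", "vpn-legacy", False, date(2020, 11, 2)),
    VpnAccount("carol", "vpn-legacy", False, None, enabled=False),
    VpnAccount("dave", "vpn-prod", False, date(2021, 5, 1)),
]

if __name__ == "__main__":
    for user, issues in audit(SAMPLE_ACCOUNTS, SAMPLE_TODAY).items():
        print(f"{user}: {'; '.join(issues)}")
```

Run against the sample data, "bob" is reported for both weaknesses and "dave" for lacking MFA; "carol" is already disabled and is ignored. In practice the input would come from the VPN or identity provider's account export, and a leaked-credential check against the same usernames would be a natural third test to add.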