當地時間周一,美國司法部召開釋出會宣布,已追回科洛尼爾輸油管道公司上月支付給黑客組織的等值約230萬美元的比特币贖金。
司法部副部長麗莎•莫納科(Lisa Monaco)在釋出會上表示,調查人員繳獲了63.7枚比特币,目前價值約230萬美元。
今年5月,黑客組織攻擊了美國大型燃油運輸管道營運商——科洛尼爾輸油管道公司。
5月7日,科洛尼爾管道運輸公司(Colonial Pipeline)發表聲明說,該公司當天發現遭到勒索軟體(ransomware)攻擊後,“主動關閉某些系統以控制威脅,這使得所有管道中斷運作,部分資訊技術系統也受到影響”。
美國東海岸有近半燃油是通過科洛尼爾公司的管道輸送,關閉燃油管道輸送系統對美國東海岸燃油供應造成嚴重影響,該地區的汽油價格飙升,觸及六年多來的最高水準,數千家加油站成品油告罄。
A customer helps pumping gas at Costco, as other wait in line, on Tuesday, May 11, 2021, in Charlotte, N.C. Colonial Pipeline, which delivers about 45 percent of the fuel consumed on the East Coast, halted operations last week after revealing a cyberattack that it said had affected some of its systems. /AP
随後,該公司向黑客組織支付了等值約440萬美元的(75枚)比特币贖金。
The Justice Department on Monday recovered some $2.3 million in cryptocurrency ransom paid by Colonial Pipeline, cracking down on hackers who launched the most disruptive U.S. cyberattack on record.
Deputy Attorney General Lisa Monaco said investigators had seized 63.7 bitcoins, now valued at about $2.3 million, paid by Colonial after last month's hack of its systems that led to massive shortages at U.S. East Coast gas stations.
The Justice Department has "found and recaptured the majority" of the ransom paid by Colonial, Monaco said.
據路透社報道,美國聯邦調查局(FBI)在一份書面證詞中聲稱他們獲得了一個私人密鑰,以此解開了黑客用以接收大量贖金的比特币錢包,找回了資金。目前尚不清楚FBI是如何獲得密鑰的。
雖然司法部此次追回了超80%的比特币贖金,但由于近期比特币價格下跌,追回的比特币價值隻略微超過了原本支付贖金價值的一半。
An affidavit filed on Monday said the FBI was in possession of a private key to unlock a bitcoin wallet that had received most of the funds. It was unclear how the FBI gained access to the key.
A judge in San Francisco approved the seizure of funds from this "cryptocurrency address," which the filing said was located in the Northern District of California.
Colonial Pipeline had said it paid the hackers nearly $5 million to regain access. Bitcoin was trading down nearly 5 percent around 6:00 p.m. ET (2200 GMT). The cryptocurrency's value has dropped to around $34,000 in recent weeks after hitting a high of $63,000 in April.
Tanker trucks are parked near the entrance of Colonial Pipeline in Charlotte, North Carolina, U.S., May 12, 2021. /VCG
美國聯邦調查局(FBI)認為,這次攻擊來自一個名為“黑暗面”(DarkSide)的黑客團夥。FBI副局長保羅•阿巴特(Paul Abbate)周一的新聞釋出會上表示,黑暗面是一個總部位于俄羅斯的網絡犯罪集團。
The hack, attributed by the FBI to a gang called DarkSide, caused a days-long shutdown that led to a spike in gas prices, panic buying and localized fuel shortages. It posed a major political headache for President Joe Biden as the U.S. economy was starting to emerge from the COVID-19 pandemic.
The White House urged corporate executives and business leaders last week to step up security measures to protect against ransomware attacks after the Colonial hack and later intrusions that disrupted operations at a major meatpacking company.
Deputy FBI Director Paul Abbate, who spoke at the same news conference as Monaco on Monday, described DarkSide as a Russia-based cybercrime group.
Abbate said the FBI was tracking more than 100 ransomware variants. DarkSide itself victimized at least 90 U.S. companies, including manufacturers and healthcare providers, he said.
有美媒指出,這是美國首次通過司法部新成立的“勒索軟體和數位勒索特别行動組”追回已支付給黑客的贖金。
錢要回來了總歸是件好事,但網友們似乎對FBI如何追蹤到這筆錢依舊疑問重重……
“是的,這些黑客已經成熟到能夠接管整個油氣設施,但同時他們又單純得不知道如何設定一個私鑰。好吧……”
“這麼說我媽的比特币享有比這些精英黑客組織更高的安全級别……好的。”
“黑客隻是碰巧把比特币放在了一個FBI有私鑰的錢包裡。”