According to Russia Today TELEVISION (RT) reported on the 7th, the US Department of Justice has managed to find and recover the ransom of 63.7 bitcoins, worth about $2.3 million, from a "wallet" used by a hacker who allegedly ransomed the American Colonial Pipeline. Previously, a ransomware attack on a colonial pipeline company led to a fuel shortage in much of the United States.
Screenshot of the Russian RT website report
Deputy Attorney General Lisa Monaco announced Monday that the Justice Department, in collaboration with Colonial Pipeline, obtained a search warrant in a federal court in California and successfully "found and recovered most of the ransom money" from a bitcoin "wallet, the online account in which the bitcoins were stored." She said this was the first time such an operation had ever been undertaken.
The CEO of Colonial Pipelines acknowledged last month that the company had paid a ransom in cryptocurrency, estimated at the time at $4.4 million, and said "this is the right thing to do for the country."
Source: Reuters
Asked by reporters about the remaining ransom (about $2 million), Monaco ignored the question, instead reiterating that this was the first time the U.S. Department of Justice's Ransomware and Digital Ransomware Task Force had seized a ransom paid for by bitcoin ransomware. She warned that the Justice Department's ability to recover some of the funds this time does not mean it can do so in all cases. If a company chooses to ignore the FBI's advice and pay a ransom anyway, they should step up and cooperate with law enforcement if they want to get some money back.
FBI Director Paul Abbate said the ransomware used in the attack was developed by hacking group DarkSide, a "cybercrime group based in Russia," but he did not provide any evidence to support that claim.
Colonial Pipelines, Inc. Source: Reuters
U.S. cybersecurity firm Elliptic announced on May 17 that it had tracked down 47 different cryptocurrency "wallets" used by DarkSide that processed at least $90 million worth of bitcoin before being abruptly shut down under pressure from U.S. authorities. About 80 percent of the money was transferred to affiliates of criminal gangs, and DarkSide left $15.5 million as a reward for developing ransomware.
Colonial Pipelines, whose pipelines supply fuel to much of the southeastern United States, shut down for a week in mid-May after its invoicing system was hit by a ransomware attack, leaving millions of Americans queuing up at gas stations to buy fuel. The Biden administration denies supply shortages while denouncing "hoarders" and price gouging.
Charles Carmakal, vice president of cybersecurity firm Mandiant, told Bloomberg last week that hackers could access Colonial Pipes' servers using a single password from an "old" virtual private network (VPN). Colonial Pipelines confirmed that such VPNs are not used "regularly" and that only a small number of employees are allowed to do so. (Editor: HHJ)