A sign warns consumers of the availability of gasoline at a RaceTrac gas station on May 11, 2021 in Smyrna, Georgia.
Elijah Nouvelage | AFP | Getty Images
WASHINGTON – U.S. law enforcement officials announced Monday that they had recovered $2.3 million in Bitcoin paid to the cybercriminal group involved in the crippling ransomware attack on Colonial Pipeline.
"Today we turned the tables on DarkSide," Deputy Attorney General Lisa Monaco said during a press conference, adding that the money was seized under a court order.
FBI Deputy Director Paul Abbate, speaking alongside Monaco, said agents had identified the virtual currency wallet DarkSide used to collect the payment from Colonial Pipeline.
"With the help of law enforcement partners, victim funds were seized from that wallet, preventing DarkSide actors from using them," Abbate said.
According to court documents, the Bitcoin wallet was hosted on a network in Northern California, which likely made the funds easier for U.S. law enforcement to recover than if the wallet had been held on infrastructure overseas. A court order authorizes such a seizure but cannot move coins on its own: recovering cryptocurrency requires control of the private key for the address holding it.
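How investigators follow ransom money on a public ledger, as an added and deliberately simplified illustration (this is not the FBI's method and nothing here comes from the court filings): Bitcoin's transaction graph is public, so once the output that received a ransom is known, "taint" can be propagated forward through every transaction that spends it, including transactions that mix the proceeds with unrelated coins. The ledger below is constructed for this example; every transaction ID, address and amount is invented, and real-world tracing also leans on address-clustering heuristics and exchange customer records that this code omits.

```python
from fractions import Fraction

# Constructed, simplified UTXO ledger for this added example. Every txid,
# address and amount (in satoshis) is invented; nothing here is from the case.
# txid -> {"inputs": [(prev_txid, vout), ...], "outputs": [(address, sats), ...]}
LEDGER = {
    "tx_victim_fund": {"inputs": [],
                       "outputs": [("addr_victim", 7_550_000_000)]},
    "tx_clean":       {"inputs": [],
                       "outputs": [("addr_clean", 870_000_000)]},
    # the ransom payment: 75 BTC to the extortionists, 0.5 BTC change back
    "tx_ransom":      {"inputs": [("tx_victim_fund", 0)],
                       "outputs": [("addr_darkside_1", 7_500_000_000),
                                   ("addr_victim_change", 50_000_000)]},
    # the operator/affiliate split of the proceeds
    "tx_split":       {"inputs": [("tx_ransom", 0)],
                       "outputs": [("addr_affiliate", 6_370_000_000),
                                   ("addr_darkside_2", 1_130_000_000)]},
    # operator share mixed with unrelated funds and sent to an exchange
    "tx_mix":         {"inputs": [("tx_split", 1), ("tx_clean", 0)],
                       "outputs": [("addr_exchange_deposit", 2_000_000_000)]},
}


def output_value(ledger, outpoint):
    """Satoshis carried by a given (txid, vout) output."""
    txid, vout = outpoint
    return Fraction(ledger[txid]["outputs"][vout][1])


def trace_taint(ledger, start):
    """Return {outpoint: tainted satoshis} for every output in the ledger.

    Propagation is proportional ("haircut"): each output of a transaction
    carries the same tainted share as the transaction's combined inputs, so
    mixing tainted coins with clean ones dilutes, but never removes, the taint.
    Fees simply drop out (outputs summing to less than inputs lose that taint).
    """
    memo = {}

    def taint(outpoint):
        if outpoint in memo:
            return memo[outpoint]
        txid, _ = outpoint
        tx = ledger[txid]
        if outpoint == start:
            value = output_value(ledger, outpoint)   # ransom output: fully tainted
        elif not tx["inputs"]:
            value = Fraction(0)                      # external/coinbase funds: clean
        else:
            total_in = sum(output_value(ledger, i) for i in tx["inputs"])
            tainted_in = sum(taint(i) for i in tx["inputs"])
            value = output_value(ledger, outpoint) * tainted_in / total_in
        memo[outpoint] = value
        return value

    for txid, tx in ledger.items():
        for vout in range(len(tx["outputs"])):
            taint((txid, vout))
    return memo


def address_exposure(ledger, taint_map):
    """Aggregate tainted satoshis received per address. A nonzero figure at an
    exchange deposit address is the lead investigators pursue with legal process."""
    exposure = {}
    for txid, tx in ledger.items():
        for vout, (addr, _) in enumerate(tx["outputs"]):
            exposure[addr] = exposure.get(addr, 0) + taint_map[(txid, vout)]
    return exposure


if __name__ == "__main__":
    taint_map = trace_taint(LEDGER, ("tx_ransom", 0))
    for addr, sats in sorted(address_exposure(LEDGER, taint_map).items()):
        print(f"{addr:22s} {float(sats) / 1e8:8.3f} BTC tainted")
```

In the constructed ledger the victim's change output is correctly left clean, the affiliate's share stays fully tainted, and the exchange deposit comes out 56.5% tainted because 11.3 BTC of proceeds were combined with 8.7 BTC of unrelated coins. Exact fractions are used rather than floats so that shares survive many hops without rounding drift; the choice of haircut over "poison" (all-or-nothing) propagation is a policy decision that real analytics tools expose as a setting.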
DarkSide operates on a "ransomware as a service" business model: its core members develop and maintain the ransomware tooling and lease it to criminal affiliates, or "partners", who carry out the intrusions in exchange for a share of each ransom.
It is still unclear which affiliate carried out the attack on Colonial Pipeline.
U.S. Deputy Attorney General Lisa Monaco speaks during a press conference with FBI Deputy Director Paul Abbate and Acting U.S. Attorney for the Northern District of California Stephanie Hinds at the Department of Justice in Washington, June 7, 2021.
Jonathan Ernst | Reuters
Last month, the cybercriminal group DarkSide launched a ransomware attack on Colonial Pipeline. After the malware hit the company's corporate IT systems, Colonial halted operations on its roughly 5,500-mile fuel pipeline as a precaution, disrupting fuel supplies on the East Coast and causing gasoline shortages in the Southeast.
Ransomware is malware that encrypts files on a device or across a network, rendering the affected systems unusable. The criminals behind such attacks demand a ransom in exchange for the decryption key, and many groups, DarkSide among them, also steal data before encrypting it and threaten to publish it if the victim does not pay.
Colonial Pipeline paid nearly $5 million in ransom to the hackers, a source familiar with the situation confirmed to CNBC. It was not immediately clear when the payment was made.
The FBI has long warned ransomware victims that paying a ransom can encourage further malicious activity.
The government has stopped short of banning ransomware payments outright, out of concern that a ban would have little effect on whether companies pay and would simply discourage them from reporting attacks.
The public announcement was part of a wider effort to overcome the private sector's longstanding reluctance to report cyberattacks publicly and to involve the government in its response.
"The message here today is that [if you report the attack] we will use all of our tools to track down these criminal networks," said Monaco.
Officials stressed the benefits of companies reporting cyber incidents to the FBI quickly.
"Not only can victim reporting provide us with the information we need to have an immediate impact on actors in the real world … it can also prevent future harm," Abbate said.
Following the DarkSide attack, President Joe Biden told reporters that the U.S. had no information linking the group's ransomware attack to the Russian government. The attack is, however, believed to have been carried out by a criminal organization based in Russia.
"So far, there is no evidence from our intelligence officials that Russia is involved, although there is evidence that the actors' ransomware is in Russia. They have some responsibility to deal with it," Biden said on May 10. He added that he had discussed the situation with Russian President Vladimir Putin.
The two heads of state will meet in Geneva on June 16.
The Kremlin has denied that it launched cyberattacks against the US.
"The message from the president will be that responsible states do not harbor ransomware criminals and that responsible countries must act decisively against these ransomware networks," White House spokeswoman Jen Psaki told reporters ahead of the summit.
The Biden administration is also pressing the private sector to strengthen its defenses against ransomware.
"All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location," Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, wrote in a June 2 memo to corporate executives.
"To understand your risk, business executives should immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations," she added.
At the same time, the White House is examining how cybersecurity protocols and banking laws can be modernized to address cryptocurrency and its growing role in financial crime, from ransomware to corruption.
The proliferation of cryptocurrencies in crimes like ransomware attacks has also caught the attention of lawmakers on Capitol Hill.
"We have a lot of cash demands in our country, but we have not figured out how to trace cryptocurrency, in the country or in the world," Missouri GOP Sen. Roy Blunt said on NBC's Meet the Press on Sunday.
"You can't trace [cryptocurrency], the ransomware ransom payment of choice now. And we have to do a better job here," he added.