The U.S. DoJ Recovers Millions in BTC Ransomware Paid to Russian Hackers
The Justice Department has recovered most of a multimillion-dollar ransom payment to DarkSide, a Russia-based hacker group, after a cyberattack last month forced the operator of the nation’s largest fuel pipeline, the East Coast pipeline, to halt its operations.
The operation to seize cryptocurrency paid to the hacker group is the first of its kind. Recovering a ransom paid by a company that has fallen victim to a cyberattack is rare.
It was undertaken by a specialized ransomware task force formed by the Biden administration’s Justice Department. The seizure warrant was authorized through the U.S. Attorney’s Office for the Northern District of California. It marks a rare victory in the war against ransomware as U.S. officials scramble to confront a rapidly accelerating threat targeting critical industries worldwide.
The Hackers’ Days are Numbered
During a press conference, Lisa Monaco, the U.S. deputy attorney general, said the Department of Justice turned the tables on DarkSide by recapturing the majority of the ransom Colonial paid to the DarkSide network in the wake of the ransomware attack.
She added that ransomware attacks are always unacceptable, and that when they target critical infrastructure, the department will spare no effort in its response.
The Justice Department said that, by court order, it seized about $2.3 million of the $4.4 million in Bitcoin that had been paid to the ransomware group. The FBI said it has been investigating DarkSide, which has been sharing its malware tools with other hackers, for more than a year.
On May 8, Colonial Pipeline paid a ransom of approximately $4.4 million to the Russia-based hacking group known as DarkSide after it suffered a cyberattack. The group used malicious software to hold the company hostage.
Colonial Pipeline CEO Joseph Blount said that the company paid the costly ransom because it feared a prolonged shutdown and did not know how long it would take to restore operations.
Usually, a ransomware attack involves hackers locking up computer systems by encrypting data and paralyzing networks, then demanding a hefty ransom from the targeted company to decrypt it.
The pipeline’s operator, Colonial Pipeline, had quietly notified the FBI early on and followed its instructions, which helped investigators track the payment to a cryptocurrency wallet used by the hackers, who are believed to be based in Russia.
Acting U.S. Attorney Stephanie Hinds for the Northern District of California said at Monday’s news conference at the Justice Department that the extortionists will never see this money.
Modern financial technologies that attempt to anonymize payments will not provide a curtain behind which criminals can get rich by stealing from hard-working Americans.
Lisa Monaco issued an internal memo that requires U.S. prosecutors to report all ransomware investigations they may be tracking. This move will help coordinate the U.S. government’s pursuit of online criminals.