Feds recover millions in ransom paid to pipeline hackers, hint at US internet tactic

"Tech News" – Google News

The United States has recovered much of the ransom that the Russian hacker group DarkSide extorted from Colonial Pipeline earlier this year, the Justice Department said on Monday.

The announcement describes a rare disruption of the cryptocurrency payment systems favored by the hackers behind ransomware campaigns around the world.

The FBI was able to take control of DarkSide's proceeds by gaining access to a central account holding about 63.7 bitcoins, worth roughly $2.3 million, said FBI Deputy Director Paul Abbate. A court document states that the seizure took place in Northern California, within the reach of US law, and that the FBI was able to obtain the "private key," or password, for one of the gang's bitcoin wallets. It was unclear how the key was obtained.

Elvis Chan, an assistant special agent for the FBI’s San Francisco office, said on a news call Monday that the funds were specifically seized from hacking subcontractors who used the DarkSide ransomware to hack Colonial.

He declined to provide details on how the FBI gained access to the wallet, but said the bureau did not have to wait for the criminals to use US cryptocurrency services. Instead, it relied on the fact that so much internet infrastructure sits in the US, where the FBI can obtain warrants.

“I don’t want to give up our craft if we want to use this again for future endeavors,” he said.

DarkSide hacked into Colonial in May as part of a month-long crime spree that led the company to shut down its operations. The group demanded a $4.4 million ransom, which the company quickly paid. DarkSide's decryption program was so slow that Colonial stopped using it and instead restored its systems from backups.

The pipeline’s systems came back online five days after the hack.

“Today we turned the tables on DarkSide,” said Deputy Attorney General Lisa Monaco at a press conference.

“Ransomware attacks are always unacceptable, but when they target critical infrastructure we will spare no effort in our response,” she said.

Ransomware gangs were responsible for more than 1,000 hacks worldwide this year, mostly in the United States, according to figures compiled for NBC News by Allan Liska, an analyst at cybersecurity firm Recorded Future.

“Overseas is not a problem for this technology,” said Chan.

Microsoft’s Threat Intelligence Center, which tracks ransomware groups, supported the investigation, Chan said.

The Colonial hack was the first to have a direct impact on everyday life in America; most attacks are aimed at smaller targets. The threat of a prolonged pipeline shutdown led the US to issue emergency orders permitting truck drivers to work overtime on fuel deliveries, and some gas stations reported supply bottlenecks as drivers rushed to the pumps.

Colonial CEO Joseph Blount, who oversaw the company’s response, praised the FBI in a statement for its “quick work and professionalism in responding to this incident.”

“Holding cybercriminals accountable and disrupting the ecosystem that enables them to do their jobs is the best way to deter and defend future attacks of this type,” he said.

Jen Ellis, co-author of a landmark Ransomware Task Force report examining how to slow the pace of ransomware attacks, welcomed the Justice Department’s announcement as “fantastic news.”

“This kind of cooperation between victims and law enforcement is exactly what we need to see,” she said.

“If we continue to act like this, it will hopefully encourage other victims to refer attacks to law enforcement, and it will also make it harder for ransomware attackers to make a payday,” said Ellis.

The recovered payment announced on Monday is still a tiny fraction of the $90 million DarkSide has extorted since it began operating in October, Tom Robinson, CEO of Elliptic, a UK company that tracks bitcoin payments, said in an email.

CORRECTION (June 8, 2021, 2:24 p.m. ET): An earlier version of this article misstated when the Colonial Pipeline was hacked. It was May, not April.

Ken Dilanian contributed to this report.
