‘Majority’ of ransom paid by Colonial Pipeline seized and returned by DOJ

04:45 08 June 2021 Source: zdnet.com



The US Justice Department has recovered the majority of a multimillion-dollar ransom payment to hackers after a cyberattack that caused the operator of the nation’s largest fuel pipeline to halt its operations last month, officials said Monday. The operation to recover the cryptocurrency from the Russia-based hacker group is the first undertaken by a specialized ransomware taskforce created by the Biden administration, and reflects what US officials say is an increasingly aggressive approach to deal with a ransomware threat that in the last month has targeted critical industries around the world.

Deputy Attorney General Lisa Monaco

The Department of Justice announced on Monday that it managed to recover some of the ransom that was paid by Colonial Pipeline to the cybercriminals behind the DarkSide ransomware last month.

While this is not the first time the government has been able to get some money back to victims, Deputy Attorney General Lisa Monaco said during a press conference that this was a first for the new Ransomware and Digital Extortion Task Force that was created in April to address the growing number of cyberattacks.


Monaco explained that the Justice Department and FBI seized 63.7 Bitcoins -- now valued at $2.3 million after a large dip in the cryptocurrency market -- of the 75 Bitcoins that the CEO of Colonial Pipeline admitted to paying. Despite paying the ransom, the decryption tool the attackers handed over did little to help the company restore its systems.


Colonial Pipeline paid nearly $5 million in ransom to the hackers, one source familiar with the situation confirmed to CNBC. It was not immediately clear when the transaction took place. The FBI has previously warned victims of ransomware attacks that paying a ransom could encourage further malicious activity. The government has stopped short of moving to ban ransomware payments altogether, out of concern that a ban would have little effect on whether companies pay and would simply discourage them from reporting attacks.

The Justice Department on Monday is expected to announce it has successfully seized millions of dollars in cryptocurrency Colonial Pipeline paid to the cyber criminal group Darkside following last month's ransomware attack that led the pipeline to briefly shut down its operations, according to a seizure warrant unsealed this afternoon. Department officials are expected to announce the seizure in a news conference Monday afternoon, sources familiar confirmed to ABC News. News of the seizure was first reported by CNN.

The Justice Department obtained a warrant from a California district court on Monday in order to seize the money.

"Following the money remains one of the most basic, yet powerful tools we have," Monaco said. "Today's announcements also demonstrate the value of early notification to law enforcement; we thank Colonial Pipeline for quickly notifying the FBI when they learned that they were targeted by DarkSide."

Monaco and FBI deputy director Paul Abbate explained that the seizure was part of a larger effort to impose more costs on ransomware gangs, who have spent years holding hospitals, schools, businesses and government systems hostage.

Both urged companies to prepare for attacks and to plan contingencies for the event of a successful one, and reiterated much of the guidance issued by the White House last week.



The Department of Justice announced on Monday that investigators were able to recover most of the ransom paid to hackers who interrupted operations at Colonial Pipeline last month. The DOJ's recovery effort was carried out alongside the FBI and Colonial Pipeline, and began shortly after the ransom was paid to the DarkSide group. The seizure announced on Monday was conducted by a recently launched ransomware and digital extortion task force, which was able to track bitcoin transactions. It was the group's first operation of its kind, investigators said during a press conference on Monday.

"Cyber criminals are employing ever more elaborate schemes to convert technology into tools of digital extortion. We need to continue improving the cyber resiliency of our critical infrastructure across the nation, including in the Northern District of California," said Stephanie Hinds, acting US Attorney for the Northern District of California.

"We will also continue developing advanced methods to improve our ability to track and recover digital ransom payments."

Colonial Pipeline faced significant backlash for paying the ransom but the FBI and Justice Department said they were able to use the Bitcoin public ledger to trace the payments back to "a specific address, for which the FBI has the 'private key,' or the rough equivalent of a password needed to access assets accessible from the specific Bitcoin address."

"There is no place beyond the reach of the FBI to conceal illicit funds that will prevent us from imposing risk and consequences upon malicious cyber actors," Abbate said.
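An added example, not code from ZDNet, the DOJ or the FBI: a small Python walk over a constructed transaction graph showing what "following the money" on a public ledger amounts to in practice. The txids, addresses and the way the proceeds are split are invented for illustration; only the 75 BTC paid and 63.7 BTC seized are taken from the article. The trace starts at the ransom payment output, walks forward until every branch reaches an unspent output, and then sums whatever sits at addresses whose private key is held, which is the step the warrant turned into a seizure.

```python
"""Follow-the-money over a public ledger (constructed, offline example).

The ledger below is a toy: txids and addresses are made up, and the
11.3 / 63.7 split is an assumption used only to show a branch in the
graph. Each output is identified by (txid, vout) as on Bitcoin, and an
output can be spent at most once.
"""
from collections import deque

# Constructed ledger: txid -> inputs it spends and outputs it creates.
LEDGER = {
    "tx_ransom": {            # the victim pays 75 BTC to the drop address
        "inputs": [("tx_victim_funding", 0)],
        "outputs": [("addr_ransom_drop", 75.0)],
    },
    "tx_split": {             # the proceeds are split two ways (assumed split)
        "inputs": [("tx_ransom", 0)],
        "outputs": [("addr_share_a", 11.3), ("addr_share_b", 63.7)],
    },
    "tx_move": {              # one share is moved once more, then sits unspent
        "inputs": [("tx_split", 1)],
        "outputs": [("addr_seized", 63.7)],
    },
}


def output_of(txid, vout):
    """Address and amount of output `vout` of transaction `txid`."""
    return LEDGER[txid]["outputs"][vout]


def spenders_of(txid, vout):
    """Transactions that spend (txid, vout); on a valid chain at most one."""
    return [t for t, tx in LEDGER.items() if (txid, vout) in tx["inputs"]]


def trace_forward(txid, vout):
    """Breadth-first walk from one output to every unspent output it feeds.

    Returns (terminals, hops): terminals maps address -> BTC still sitting
    there; hops is a human-readable list of edges followed.
    Every transaction in the toy ledger has a single input, so the full
    output amount is attributed downstream without any mixing heuristic.
    """
    terminals, hops = {}, []
    queue, seen = deque([(txid, vout)]), set()
    while queue:
        cur = queue.popleft()
        if cur in seen:
            continue
        seen.add(cur)
        addr, btc = output_of(*cur)
        spenders = spenders_of(*cur)
        if not spenders:                      # unspent: funds rest here
            terminals[addr] = terminals.get(addr, 0.0) + btc
            continue
        for s in spenders:
            for i, (nxt_addr, nxt_btc) in enumerate(LEDGER[s]["outputs"]):
                hops.append(f"{cur[0]}:{cur[1]} ({addr}, {btc} BTC)"
                            f" -> {s}:{i} ({nxt_addr}, {nxt_btc} BTC)")
                queue.append((s, i))
    return terminals, hops


def recoverable(terminals, keys_held):
    """Traced funds resting at addresses whose private key is in `keys_held`."""
    return round(sum(b for a, b in terminals.items() if a in keys_held), 8)


if __name__ == "__main__":
    ends, path = trace_forward("tx_ransom", 0)
    for hop in path:
        print(hop)
    print("resting at:", ends)
    got = recoverable(ends, {"addr_seized"})       # key assumed to be held
    print(f"recoverable: {got} BTC of 75 ({got / 75:.0%})")
```

Real chains are harder than this toy. A transaction with several inputs mixes funds, so attribution needs a stated rule (proportional, FIFO or taint tracking), coins may pass through exchanges or mixers that break the graph, and the trace only produces a seizure if an endpoint address is one whose key investigators already hold or can compel a custodian to use.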




"We will continue to use all of our available resources and leverage our domestic and international partnerships to disrupt ransomware attacks and protect our private sector partners and the American public."

Despite the success in this instance, Abbate and Monaco stressed that they would not be able to retrieve all ransom payments from now on and urged companies to take measures to protect themselves while also notifying the FBI as soon as possible in the event of an attack.

"What we are saying today is that if you come forward, as law enforcement, we may be able to take the type of action that we took today to deprive the criminal actors of what they're going after here which is the proceeds of their criminal scheme," Monaco said.

"We cannot guarantee and we may not be able to do this in every instance."

