US recovers most of $4.4M crypto ransom paid by Colonial Pipeline

The goal of these attacks is financial: the victim is forced to pay a ransom in exchange for regaining control of its computer systems.

The escalating havoc caused by ransomware gangs raises an obvious question: Why has the United States, believed to have the world's greatest cyber capabilities, looked so powerless to protect its citizens from these kinds of criminals, who operate with near impunity out of the Russian Federation and allied countries?

On Monday, however, the government signaled that it could move against the cybercriminals by recovering ransom money.

Deputy US attorney general Lisa Monaco said that an operation conducted on Monday recovered some of the funds, amounting to 63.7 BTC, worth approximately $2.26 million.

Colonial Pipeline, based in the US state of Georgia, supplies nearly half the fuel used on the country's East Coast.

The pipeline was shut down on May 7, crippling supply to East Coast retailers, some of which rely heavily on Colonial Pipeline's fuel.

After Colonial Pipeline's quick notification to law enforcement and pursuant to a seizure warrant issued by the United States District Court for the Northern District of California earlier today, the Department of Justice has found and recaptured the majority of the ransom Colonial paid to the DarkSide network in the wake of last month's ransomware attack.

Monday's announcement was the first time the government has said that it had recovered money from the Russia-based gang.

The task force was created as part of the government's response to an "epidemic" of ransomware attacks, which Monaco said have "increased in both scope and sophistication in the previous year".

"The message we are sending today is that if you come forward and work with law enforcement, we may be able to take that type of action that we took today to deprive the criminal actors of what they're going after here, which is the proceeds of their criminal scheme", Monaco said.

The problem has become so acute that Biden will raise it when he meets with Russian President Vladimir Putin in Geneva this month.

The Biden administration is seeking to find ways to combat the rise. It plans to improve efforts to bring charges against those responsible and form diplomatic agreements with other countries. The hope is that allies can pressure countries that protect ransomware gangs.

There are now more than 100 people on the FBI's quickly growing list of most-wanted cyber criminals. Many of them are not really hiding. Evgeniy Bogachev, indicted almost a decade ago for what prosecutors say was a wave of cyber bank thefts, lives in a Russian resort town and "is known to enjoy boating" on the Black Sea, according to the FBI's wanted listing.

"The Department of Justice and Federal Bureau of Investigation were instrumental in helping us to understand the threat actor and their tactics".

DarkSide operates under a ransomware-as-a-service model in which it provides the malware that a criminal affiliate can use to lock up data on a victim's computer system. They also share resources.

But the difficulties of taking down ransomware gangs and other cybercriminals have always been clear.

"Today we turned the tables on DarkSide", Monaco pronounced.

The profitable business model of double extortion - i.e., combining data exfiltration with ransomware threats - has also led attackers to extend the technique into what is called triple extortion, in which payments are also demanded from customers, partners, and other third parties connected to the initial breach, extracting even more money from a single intrusion. "And that's exactly what we do", Lisa Monaco, deputy attorney general, told a press conference in Washington.

The Justice Department in April created a ransomware and digital extortion task force.

In her remarks, Monaco issued a warning to US companies about the threat to their operations.

After the Colonial Pipeline attack, Biden promised that his administration was committed to bringing foreign cybercriminals to justice. Yet even as he was speaking from the White House, a different Russian-linked ransomware gang was leaking thousands of highly sensitive internal files - including deeply personal background checks - belonging to the police department in the nation's capital.