U.S. law enforcement agents were able to retrieve close to half of the ransom that Colonial Pipeline Co. paid to the hacker group called DarkSide.
FBI Deputy Director Paul Abbate went on record to say that his team identified the virtual wallet used by DarkSide and retrieved close to $2.3 million worth of Bitcoin from it.
The FBI refused to say how it gained access to DarkSide's virtual wallet and said it would give no further details on how it retrieved the ransom.
Colonial Pipeline reportedly paid the hacker group close to $5 million worth of Bitcoin to regain access to its systems, so getting back half of the ransom is better than nothing at all.
Justice Dept. says it seized $2.3M in cryptocurrency paid to the Darkside ransomware gang by Colonial Pipeline. https://t.co/sLMRa9mCMQ On May 14, Darkside closed up shop, saying its bitcoin stash had been plundered https://t.co/aNkVt5NQfv
— briankrebs (@briankrebs) June 7, 2021
— Reuters (@Reuters) June 7, 2021
CNBC had more on the story:
DarkSide’s sweeping ransomware assault on Colonial Pipeline last month forced the company to shut down approximately 5,500 miles of American fuel pipeline, leading to a disruption of nearly half of the East Coast fuel supply and causing gasoline shortages in the Southeast and airline disruptions.
Ransomware attacks involve malware that encrypts files on a device or network that results in the system becoming inoperable. Criminals behind such cyberattacks typically demand a ransom in exchange for the release of data.
Colonial Pipeline paid nearly $5 million ransom to the hackers, one source familiar with the situation confirmed to CNBC. It was not immediately clear when the transaction took place.
The FBI has previously warned victims of ransomware attacks that paying a ransom could encourage further malicious activity.
The government has stopped short of moving to ban ransomware payments altogether, out of concern that it would have little impact on whether or not companies pay ransoms and simply discourage them from reporting attacks.
Because the FBI refused to disclose the tactics it used to retrieve the funds, many came to believe that law enforcement agents used a simple trace-and-trap method:
on sat may 8, ransom funds seem to have been sent from a US exchange to a darkside address & moved around in several other txs that day.
after lying dormant for several weeks, on may 27, ~69.6 BTC eventually landed at the warrant address.
— Alex Thorn 🎲 (@intangiblecoins) June 8, 2021
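The tracing step the tweet above describes (following ransom funds from an exchange through several transactions until they settle at one address) can be reproduced on any transaction ledger with a forward graph walk. The example below is added here and is not code from the article, the FBI or any chain-analysis tool; the transaction ids, addresses and amounts are constructed for illustration and do not reflect the real DarkSide transactions. It builds a spending index, walks downstream from a seed address, lists every transaction path to a given destination, and reports which downstream addresses still hold unspent funds, which is exactly what a seizure warrant would target.

```python
"""Follow fund flows through a toy transaction ledger (forward tracing)."""
from collections import defaultdict, deque

# Constructed sample ledger: hypothetical tx ids, addresses and amounts,
# not real blockchain data. Each tx lists (address, amount) inputs and outputs.
SAMPLE_TXS = [
    {"id": "tx1", "inputs": [("exchange_A", 75.0)],
     "outputs": [("dark1", 74.9), ("exchange_A", 0.1)]},   # exchange -> attacker, plus change
    {"id": "tx2", "inputs": [("dark1", 74.9)],
     "outputs": [("dark2", 50.0), ("dark3", 24.8)]},       # funds split across two addresses
    {"id": "tx3", "inputs": [("dark3", 24.8)],
     "outputs": [("cashout_B", 24.7)]},                    # one branch moved on
    {"id": "tx4", "inputs": [("dark2", 50.0)],
     "outputs": [("dark4", 49.9)]},                        # other branch parked and left dormant
    {"id": "tx9", "inputs": [("unrelated", 3.0)],
     "outputs": [("other", 2.9)]},                         # noise: unconnected to the seed
]


def spending_index(txs):
    """Map each address to the transactions that spend from it."""
    idx = defaultdict(list)
    for tx in txs:
        for addr, _ in tx["inputs"]:
            idx[addr].append(tx)
    return idx


def trace_forward(txs, seed, max_hops=10):
    """Breadth-first walk downstream from `seed`; returns {address: hops from seed}."""
    idx = spending_index(txs)
    reached = {seed: 0}
    queue = deque([seed])
    while queue:
        addr = queue.popleft()
        if reached[addr] >= max_hops:
            continue
        for tx in idx.get(addr, []):
            for out_addr, _ in tx["outputs"]:
                if out_addr not in reached:        # change outputs back to a known address are ignored
                    reached[out_addr] = reached[addr] + 1
                    queue.append(out_addr)
    return reached


def find_paths(txs, src, dst, max_hops=10):
    """All transaction-id paths from src to dst (depth-first, no address revisited on a path)."""
    idx = spending_index(txs)
    paths = []

    def dfs(addr, path, seen):
        if addr == dst and path:
            paths.append(list(path))
            return
        if len(path) >= max_hops:
            return
        for tx in idx.get(addr, []):
            for out_addr, _ in tx["outputs"]:
                if out_addr in seen:
                    continue
                seen.add(out_addr)
                path.append(tx["id"])
                dfs(out_addr, path, seen)
                path.pop()
                seen.discard(out_addr)

    dfs(src, [], {src})
    return paths


def unspent_balance(txs, address):
    """Amount received at `address` minus amount it has spent, within this ledger."""
    received = sum(amt for tx in txs for a, amt in tx["outputs"] if a == address)
    spent = sum(amt for tx in txs for a, amt in tx["inputs"] if a == address)
    return round(received - spent, 8)


def dormant_holdings(txs, seed):
    """Downstream addresses (excluding the seed) that still hold funds traced from `seed`."""
    return {
        addr: unspent_balance(txs, addr)
        for addr in trace_forward(txs, seed)
        if addr != seed and unspent_balance(txs, addr) > 0
    }


if __name__ == "__main__":
    print("reachable:", trace_forward(SAMPLE_TXS, "exchange_A"))
    print("paths to dark4:", find_paths(SAMPLE_TXS, "exchange_A", "dark4"))
    print("still holding funds:", dormant_holdings(SAMPLE_TXS, "exchange_A"))
```

On real chain data the same walk is usually started from the transaction the victim's exchange reports for the ransom payment, and the hop limit keeps the walk from following change outputs into the whole network; a practitioner would also record the timestamps of each hop, since the dormancy period mentioned above is itself a useful signal.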
I'm having a tough time believing that this supposedly Russian hacking network was so sophisticated it could shut down our infrastructure, but not knowledgeable enough to maintain safe custody over their bitcoin.
We're missing the whole story, here….
— Jordan Schachtel (@JordanSchachtel) June 7, 2021
CNN had more on the story:
US investigators have recovered millions in cryptocurrency they say was paid in ransom to hackers whose attack prompted the shutdown of the key East Coast pipeline last month, the Justice Department announced Monday.
The announcement confirms CNN’s earlier reporting about the FBI-led operation, which was carried out with cooperation from Colonial Pipeline, the company that fell victim to the ransomware attack in question.
Specifically, the Justice Department said it seized approximately $2.3 million in Bitcoins paid to individuals in a criminal hacking group known as DarkSide. The FBI said it has been investigating DarkSide, which is said to share its malware tools with other criminal hackers, for over a year.
The ransom recovery, which is the first seizure undertaken by the recently created DOJ digital extortion taskforce, is a rare outcome for a company that has fallen victim to a debilitating cyberattack in the booming criminal business of ransomware.
Colonial Pipeline Co. CEO Joseph Blount told The Wall Street Journal in an interview published last month that the company complied with the $4.4 million ransom demand because officials didn’t know the extent of the intrusion by hackers and how long it would take to restore operations.
Since the Justice Department's announcement of the Bitcoin seizure, the price of Bitcoin has slid close to 5%.