A sign warning consumers that gasoline is available at the RaceTrac gas station in Smyrna, Georgia, May 11, 2021.
Elijah Nouvelleage | AFP | Getty Images
Washington — US law enforcement officials said Monday that they were able to recover $2.3 million in Bitcoin paid to criminal cybergroups involved in a devastating ransomware attack on the Colonial Pipeline.
“Today we have reversed the situation on the dark side,” Lisa Monaco, Deputy Attorney General, said at a news conference, adding that the money was seized by court order.
At the briefing, FBI Deputy Director Paul Abbate said the agent was able to identify the cryptocurrency wallet that DarkSide hackers used to collect payments from Colonial Pipeline.
“We used law enforcement agencies to seize victims’ funds from their wallets and prevent dark-side actors from using them,” said Abbate.
The FBI refused to state exactly how it accessed the Bitcoin wallet, saying it needed to protect its tradecraft.
FBI Special Investigator Elvis Chan told reporters that even foreign-based cybercriminals like DarkSide usually use US infrastructure at some point in the course of the crime. When they do, it gives the FBI a legal window to regain funds.
Considered to be a Russian-based criminal organization, DarkSide operates under a “ransomware as a service” business model. This means that its hackers develop ransomware hacking tools and sell them to other criminal “affiliates,” who carry out the attacks.
It is still unknown that DarkSide’s affiliates were involved in the Colonial Pipeline attack.
Deputy Attorney General Lisa Monaco, with FBI Deputy Director Paul Abbate and Northern California District Attorney Stephanie Hines, announces at a press conference that virtual currency worth millions of dollars from the Colonial Pipeline ransomware attack has been recovered. Department of Justice, Washington, June 7, 2021.
Jonathan Ernst | Reuters
Last month, DarkSide's ransomware onslaught on Colonial Pipeline forced the company to shut down its approximately 5,500-mile US fuel pipeline, disrupting nearly half of the East Coast fuel supply and causing gasoline shortages in the Southeast and airline turmoil.
Ransomware attacks involve malware that encrypts files on a device or network and renders the system inoperable. The criminals behind such cyberattacks usually demand a ransom in exchange for the release of the data.
Colonial Pipeline paid the hackers a ransom of nearly $5 million, one source familiar with the situation confirmed to CNBC. It was not immediately clear when the deal took place.
The FBI has previously warned victims of ransomware attacks that paying a ransom could encourage even more vicious activity.
The government has stopped moving to ban ransomware payments altogether, because a ban has little effect on whether businesses pay the ransom and simply discourages reports of attacks.
The announcement on Monday was part of a broader effort to counter the long-standing hesitancy of private sector companies to publicly report cyberattacks and involve the government in their response.
“The message here today is [if you report the attack], we use all the tools to track these criminal networks,” said Monaco.
Officials emphasized the benefits of companies quickly reporting cybercrime to the FBI.
“Victim reports not only provide us with the information we need to have an immediate impact on real-world attackers, but they can also prevent future harm,” Abbate said.
“The private sector has an equally important role to take cyber threats seriously and strengthen defenses accordingly,” said Joseph Blount, CEO of Colonial Pipeline, in a statement Monday night. “You have to invest to do it.”
“As the investigation into the case progresses, Colonial will continue to remain transparent in sharing information and knowledge with the FBI and other federal agencies,” he said.
Blount is set to testify Tuesday before the Senate Homeland Security Committee.
“So far, there is no evidence from our intelligence that Russia is involved. There is evidence that the attacker’s ransomware is in Russia, but they have some responsibility to deal with this,” Biden said on May 10. He added that he would discuss the situation with Russian President Vladimir Putin.
A meeting between the two leaders is scheduled for June 16 in Geneva.
The Kremlin has denied launching a cyberattack on the United States.
White House spokesman Jen Psaki told reporters prior to the summit, “The president’s message is that responsible states do not have ransomware criminals, and responsible countries have told these ransomware networks. You have to take decisive action.”
The Biden administration is also putting pressure on the private sector to strengthen its defenses against ransomware.
“All organizations, regardless of size or location, need to be aware that no company is safe from being targeted by ransomware,” Anne Neuberger, Deputy National Security Adviser for Cyber and Emerging Technologies, said in a memo of June 2.
“To understand your risks, executives should immediately convene management to discuss ransomware threats, review the company’s security regime and business continuity plan, and help them continue or recover their business quickly,” she added.
At the same time, the White House is working on cryptocurrencies and ways to modernize cybersecurity protocols and banking law to address their growing role in financial crime, from ransomware to corruption.
The prevalence of cryptocurrencies in crimes such as ransomware attacks has also attracted the attention of members of Congress.
“We need a lot of cash in our country, but we didn’t understand how to track cryptocurrencies in this country or in the world,” Senator Roy Blunt of Missouri told NBC's “Meet the Press” on Sunday.
“We can’t track ransomware, the currently selected ransom payment method, and we have to do a better job here,” he added.