U.S. seizes share of ransom from hackers in Colonial Pipeline attack

Washington — The Justice Department said on Monday that it had seized much of the ransom that a major U.S. pipeline operator paid last month to a Russian hacking group, reaching into a digital wallet to claw back millions of dollars in cryptocurrency held by the hackers.

Over the last few weeks, investigators had tracked the 75 Bitcoins, worth more than $4 million, that Colonial Pipeline paid to the hackers after the attack shut down its computer systems and caused fuel shortages, soaring gasoline prices and disruption to airlines.

According to law enforcement officials and court documents, investigators tracked the ransom as it passed through a maze of at least 23 different electronic accounts belonging to the hacking group DarkSide before landing in one account that a federal judge allowed federal agents to break into.

The Justice Department said it had seized 63.7 Bitcoins, now worth about $2.3 million. (The value of Bitcoin has fallen over the last month.)

“The clever use of technology to hold businesses and cities hostage for profit is clearly a challenge for the 21st century, but the old adage of ‘following the money’ still applies,” Lisa O. Monaco, the deputy attorney general, said at a news conference at the Justice Department.

Law enforcement officials emphasized the seizure as a warning to cybercriminals that the United States plans to go after the proceeds they hold in cryptocurrencies such as Bitcoin. It was also intended to encourage the victims of ransomware attacks, which occur on average every eight minutes, to notify the authorities so that they can help recover ransoms.

For years, victims quietly paid cybercriminals, believing it was cheaper than rebuilding their data and services. The F.B.I. discourages paying ransoms, but the payments are legal and can even be tax deductible. With billions of dollars in payments, however, they have funded and emboldened ransomware groups.

Justice Department officials said Colonial’s quick engagement with the F.B.I. helped recover the ransom, and they credited the department’s new ransomware task force, which targets the financial interests of cybercrime groups.

“We must take cyber threats seriously and invest to strengthen our defenses accordingly,” Joseph Blount, Colonial’s chief executive, said in a statement. After his company contacted the F.B.I. and the Justice Department to notify them of the attack, investigators helped Colonial understand the hackers and their tactics.

The Justice Department’s announcement also came before President Biden meets the Russian president, Vladimir V. Putin, in Geneva next week. Russia generally does not arrest or extradite suspects in ransomware attacks.

The New York Times reported last month that the Colonial Pipeline ransom payment had clearly moved out of DarkSide’s Bitcoin wallet, but it was not clear who had orchestrated the move.

On Monday, the government filled in some of the blanks. DarkSide operates by supplying its ransomware to affiliates; in exchange, DarkSide receives a share of the profits.

Officials said they had identified the cryptocurrency account DarkSide used to collect payments from ransomware victims, and that a judge in Northern California had approved a warrant on Monday to seize the funds from that wallet.

The F.B.I. began investigating DarkSide last year and has identified more than 90 victims across multiple sectors of the economy, including manufacturing, law, insurance, health care and energy, Paul M. Abbate, the F.B.I.’s deputy director, said at the news conference.

DarkSide first surfaced in August and is believed to have started as an affiliate of another Russian hacking group, REvil, before launching its own operation last year.

A few weeks after DarkSide attacked Colonial, REvil used ransomware to try to extort money from JBS, one of the largest meat processors in the world. The attack forced the company to shut down nine beef plants in the United States and disrupted its poultry and pork plants, forcing grocery stores and restaurants to raise prices sharply or remove meat products from their menus.

In recent weeks, ransomware has also crippled hospitals; the Villages in Florida, the largest retirement community in the United States; a television network; N.B.A. and minor league baseball teams; and the ferries to Nantucket and Martha’s Vineyard in Massachusetts.

These episodes have raised public awareness of digital vulnerabilities. White House officials said last week that they were tackling the role of cryptocurrencies, which have enabled ransomware attacks for years.

Last week, Christopher A. Wray, the F.B.I. director, likened the threat of ransomware attacks to the challenge of global terrorism after the Sept. 11, 2001, attacks.

“There are a lot of parallels, a lot of importance, and we have a lot of focus on disruption and prevention,” he said. “Not only government agencies, but the private sector and the average American have a shared responsibility.”

Mr. Wray pointed to the scale of the problem, adding that the F.B.I. is investigating 100 software variants used in ransomware attacks.

U.S. officials have been careful not to link the ransomware attacks directly to the Russian government, but Mr. Biden, Mr. Wray and others have said that Russia shelters cybercriminals.

Russia often treats them as state assets. In the 2014 Yahoo breach, for example, officers of the F.S.B., the successor to the Soviet-era K.G.B., worked with criminal hackers, directing them to hand over email accounts of interest while the criminals profited from the stolen data.

Mr. Putin has likened hackers to “artists who wake up in the morning and start painting” as they please. In reality, U.S. officials say, the arrangement gives Mr. Putin and Russian intelligence a layer of plausible deniability.

Not only is Mr. Biden expected to raise the issue with Mr. Putin, but the State Department is also in talks with about 20 other countries on how to jointly pressure Russia to address cybercrime.

“If the Kremlin wants to show that it is serious about this issue, there is plenty of room for real progress that we haven’t seen,” Mr. Wray said last week.

Anne Neuberger, the deputy national security adviser for cyber and emerging technology, warned American companies last week that ransomware had taken a dark turn, pointing to a recent shift “from data theft to disruption of business.”

The hackers targeted Colonial’s billing system directly. Once it was frozen, executives realized they had no way to charge customers and shut down operations preemptively. A classified government assessment determined that, had the pipeline been shut down for another two days, the attack could have crippled mass transit systems and chemical refineries that rely on the diesel Colonial transports.

The White House held emergency meetings to deal with the attack. The Biden administration has announced that it will require pipeline companies to report serious cyberattacks to the government, and that it will set up a 24-hour emergency center to deal with serious hacks.

Cybersecurity experts welcomed the Justice Department’s move.

“It’s clear that we need to use several tools to stem the ransomware tide,” said John Hultquist, a vice president at the cybersecurity firm FireEye. “A stronger focus on disruption can counter the incentive for this behavior, which is growing in a vicious cycle.”

David E. Sanger contributed reporting.