Department of Justice officials discuss Colonial Pipeline ransomware attack

Clay Curtis
June 8, 2021

About a week after discovering the attack, Colonial paid a ransom of almost $5 million (about £3.55 million) to the DarkSide ransomware group. It follows a string of cyber attacks that panicked consumers and led President Biden to warn the Russian Federation that it needed to take "decisive action" against the criminal networks.

Monaco said the operation was not the first time the US government has recovered cryptocurrency but said it was the first such operation for the department's new ransomware and digital extortion taskforce. But the old adage "follow the money" still applies.

Asked whether industry should take the FBI's operation as a sign that law enforcement can recover payments, and therefore make them a more plausible solution, Monaco said, "We cannot guarantee - and we may not be able to do this in every instance".

Colonial confirmed last May that it had paid $4.4 million to "DarkSide". The ransomware hack occurred on May 7 and paralyzed for several days one of the largest pipeline networks in the United States, in addition to causing fuel supply problems in various states. Last month, The Wall Street Journal reported the group made nearly $60 million in seven months, including $46 million in the first three months of this year. Justice Department officials could not say how many other ransoms they have recovered.

President Joe Biden plans to meet Russia's leader, Vladimir Putin, later this month. "This is the first operation of its kind by the working group".

Biden has previously said Moscow bears "some responsibility" to deal with the attack. Cryptocurrency, which allows users to mask their identities, "lies at the core of how these ransom transactions are played out", he said.

The department said in a later statement that Colonial Pipeline had paid a ransom demand of about 75 bitcoins, and that it had recovered about 63.7 bitcoins, which are now valued at about $2.3 million.

Bitcoin is the foremost cryptocurrency in terms of value. She also added that 63.7 bitcoin, or $2.3 million, was recovered this way. However, officials have not disclosed how they got that key.

Bitcoin seizures are rare, but authorities have stepped up their expertise in tracking the flow of digital money as ransomware has become a growing national security threat and put a further strain on relations between the United States and the Russian Federation, where numerous gangs are based. Colonial's CEO, Joseph Blount, later called it "the right thing to do for the country" to enable pipeline operations to be restored. "I know that's a highly controversial decision", Blount told the newspaper.

Mr. Blount issued a statement after the press conference that said, in part, "When Colonial was attacked on May 7, we quietly and quickly contacted the local Federal Bureau of Investigation field offices in Atlanta and San Francisco, and prosecutors in Northern California and Washington, to share with them what we knew at that time".

The VPN system used to compromise the company's networks was not protected by multifactor authentication (MFA), at least for the user account that was leveraged in the attack. Justice Department officials said the Colonial Pipeline ransom seizure was the first ransom recovery by the task force.

"Any ransom payment made by a victim is then split between the affiliate and the developer", writes Elliptic's co-founder Tom Robinson. It is not clear who has the rest of the proceeds, he said. The ledger does not contain information identifying who controls the wallet. "Using law enforcement authorities, victim funds were seized from that wallet, preventing DarkSide actors from using them". She added, however, "we can not guarantee and we may not be able to do this in every instance".
