Justice Dept. recovers most of ransom Colonial Pipeline paid to DarkSide hackers
The Department of Justice announced Monday that agents have recovered $2.3 million of the roughly $4.4 million in cryptocurrency the Colonial Pipeline paid ransomware criminal group DarkSide following its cyberattack that shut down nearly half the fuel supply to the eastern U.S.
What are the details?
A federal judge signed off on the warrant earlier in the day for federal officials to seize the ransom, and officials recovered 63.7 of the 75 bitcoin paid, according to a news release from the DOJ's Office of Public Affairs.
DOJ Deputy Attorney General Lisa O. Monaco said in a statement regarding the news:
"Following the money remains one of the most basic, yet powerful tools we have. Ransom payments are the fuel that propels the digital extortion engine, and today's announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises. We will continue to target the entire ransomware ecosystem to disrupt and deter these attacks. Today's announcements also demonstrate the value of early notification to law enforcement; we thank Colonial Pipeline for quickly notifying the FBI when they learned that they were targeted by DarkSide."
The Colonial Pipeline was attacked on May 7, shutting down the nation's largest pipeline, which supplies about 45% of the East Coast's fuel. The shutdown lasted for a week, and panic sparked a run on gas in several of the impacted states, leading several governors to declare states of emergency and gas prices to spike nationwide.
President Joe Biden said at the time that the hackers were likely Russian, but had not been linked to the Russian government.
What else?
In an interview with The Wall Street Journal regarding the ransom payment, Colonial Pipeline CEO Joseph Blount explained, "I know that's a highly controversial decision. I didn't make it lightly. I will admit that I wasn't comfortable seeing money go out the door to people like this."
As TheBlaze previously reported:
The FBI discourages organizations from paying a ransom in a ransomware attack because "paying a ransom doesn't guarantee you or your organization will get any data back," and it "also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity."
"When Colonial was attacked on May 7, we quietly and quickly contacted the local FBI field offices in Atlanta and San Francisco, and prosecutors in Northern California and Washington D.C. to share with them what we knew at that time," Blount said in a statement Monday, according to Fox Business. "The Department of Justice and FBI were instrumental in helping us to understand the threat actor and their tactics. Their efforts to hold these criminals accountable and bring them to justice are commendable."
Blount is set to testify before congressional panels this week, the Associated Press reported.
Colonial Pipeline reportedly paid hackers nearly $5 million in ransom after cyberattack
After a debilitating and embarrassing cyberattack that crippled the supply chain for days, the Colonial Pipeline Co. buckled to the demands of hackers and paid nearly $5 million in ransom, Bloomberg reported Thursday afternoon.
NBC and CNBC confirmed the report by speaking to a source familiar with the situation and an anonymous U.S. official. Nicole Perlroth, cybersecurity reporter for the New York Times, reported Colonial paid the hackers 75 bitcoin on Monday.
"The company paid the hefty ransom in difficult-to-trace cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the Eastern Seaboard, those people said," according to Bloomberg. "A third person familiar with the situation said U.S. government officials are aware that Colonial made the payment."
Once the ransom was paid, the hackers provided Colonial Pipeline with a "decrypting tool to restore its disabled computer network," but the "tool was so slow that the company continued using its own backups to help restore the system," one of the people familiar with the company's efforts told Bloomberg.
A representative from the Colonial Pipeline Co. declined to comment on the ransom, but told Bloomberg that the company began to resume fuel shipments around 5 p.m. ET Wednesday.
"Colonial Pipeline has made substantial progress in safely restarting our pipeline system and can report that product delivery has commenced in a majority of the markets we service," Colonial's website said in a Thursday update. "By mid-day today, we project that each market we service will be receiving product from our system."
Thursday's update that Colonial Pipeline paid the hefty ransom contradicts earlier reports that said the energy company had no intention of paying the ransom.
During a Thursday news conference, President Joe Biden was asked if he knew that Colonial paid the hackers a ransom, and he responded by saying, "No comment."
Joe Biden smirks and says "no comment" on if Colonial paid hackers ransom for the pipeline attack https://t.co/a7BCC3X15k
— RNC Research (@RNCResearch) May 13, 2021
Colonial became aware of the cyberattack around May 7 and immediately shut down its operations. The paralyzing cyberattack on the nation's largest pipeline triggered a full-scale shutdown, which led to fuel shortages, panic buying, and several governors declaring a state of emergency. The 5,500-mile pipeline runs from Houston to Linden, New Jersey, and supplies about 45% of the fuel used along the Eastern Seaboard.
By Wednesday, the pipeline shutdown helped push the national average price of gasoline to $3.008 per gallon, according to the Automobile Association of America.
Earlier this week, the FBI identified a criminal hacking gang known as "DarkSide" as the culprit behind the devastating cyberattack. DarkSide, which specializes in digital extortion, is suspected of operating out of Eastern Europe or Russia. President Biden said the hacker group is likely based in Russia, but he does not believe the Russian government is involved.
"We do not believe the Russian government was involved in this attack, but we do have strong reason to believe that the criminals who did the attack are living in Russia, that's where it came from," Biden said Thursday.
The DarkSide group described its actions as "apolitical" in a statement provided to CNBC.
"We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives," the group stated. "Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future."
The FBI discourages organizations from paying a ransom in a ransomware attack because "paying a ransom doesn't guarantee you or your organization will get any data back," and it "also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity."
Anne Neuberger, the White House's top cybersecurity official, would not say if companies should pony up ransom demands.
"Typically that's a private sector decision," Anne Neuberger, deputy national security advisor for cyber and emerging technologies, told reporters at the White House on Monday. "We recognize that victims of cyberattacks often face a very difficult situation and they have to just balance often the cost-benefit when they have no choice with regards to paying a ransom. Colonial is a private company and we'll defer information regarding their decision on paying a ransom to them."