Bitcoin Ransom Largely Recovered From Colonial Pipeline Hack

By Rachel Curry, Jun. 8 2021, Published 10:28 a.m. ET
Ransomware attacks have expanded during 2021 with the attacks on Fujifilm, JBS Meat, and—of course—the Colonial Pipeline. Even U.S. Deputy Attorney General Lisa Monaco said in an announcement from the Department of Justice, “Ransomware attacks have increased in both scope and sophistication in the last year—targeting our critical infrastructure, businesses of all types, whole cities, and even law enforcement.”

The ransom that Colonial Pipeline paid to Russian hacker group DarkSide went into the millions, but the U.S. government achieved a major milestone in recovering most of the ransom.

Colonial Pipeline paid a hefty chunk of change in ransom to the hackers
Ransomware negotiation is a sensitive practice. The negotiation process starts immediately, which gives defensive hackers the chance to attempt to secure their systems without needing to pay a ransom. That doesn’t always work out, as evidenced by the Colonial Pipeline.

Ultimately, Colonial had to shell out $4.4 million to DarkSide in order to secure its systems. Now, the Department of Justice reports that most of the ransom has been recovered.

The DOJ traced a Bitcoin wallet to recover the Colonial Pipeline ransom
Monaco reported in her announcement, “After Colonial Pipeline’s quick notification to law enforcement, and pursuant to a seizure warrant issued by the United States District Court for the Northern District of California earlier today, the Department of Justice has found and recaptured the majority of the ransom Colonial paid to the Dark Side Network in the wake of last month’s ransomware attack.”

The $4.4 million that Colonial paid to DarkSide came in the form of 75 Bitcoin. The Department of Justice recovered 63.7 of those Bitcoin tokens. Because of Bitcoin’s recent bear market, the value of that Bitcoin has diminished, which left the company with about $2.3 million.

How the government tracked DarkSide Russian hackers
The federal government says it seized by court order $2.3 million of the ransom paid by Colonial Pipeline. The FBI had the password to the hackers’ Bitcoin account, @PeteWilliamsNBC reports. “Today we turned the tables on DarkSide,” says Deputy Attorney General Lisa Monaco.
— Geoff Bennett (@GeoffRBennett) June 7, 2021

How did the FBI find the Bitcoin used for the ransom? They traced the IP addresses that DarkSide hackers used for the cryptocurrency transfer. This wasn’t an easy feat and took them weeks to accomplish.

While the identification system that Bitcoin uses is technically anonymous, the data behind that trade isn’t. Because of this behind-the-curtain digging, officials were able to trace and ultimately recover the Bitcoin wallet containing most of the tokens.

DarkSide ransomware goes well beyond Colonial Pipeline
It’s a pretty big deal that the DOJ recovered millions in crypto currency paid by Colonial Pipeline to hackers. An even BIGGER deal would be to stop the hacking from happening in the first place.

The shutdown of the 5,550-mile pipeline was a huge blow to cybersecurity, but the company isn’t alone in its struggles. DarkSide has attacked other companies in the U.S., Brazil, Scotland, and beyond.
Monaco’s suggestion to “invest the resources now” highlights the importance and uniqueness of a decidedly 21st-century problem. Ransomware has come into the spotlight over the course of the last year. It shows the need for upgraded cybersecurity and also the fickle nature of our world’s supply chains.

Ultimately, the ability to recover ransom that’s already paid out could be the best chance for the U.S. to combat this until companies are able to defend themselves properly. For the Colonial Pipeline, that’s a reality already in place.

