The DarkSide ransomware gang was behind the attack on Colonial Pipeline, the largest fuel pipeline in the United States; the recovered ransom is the payment the pipeline company made to the gang.
A live-streamed joint press conference by the US Department of Justice (DoJ) and the FBI revealed that $2.3 million worth of cryptocurrency had been recovered from the operators of the DarkSide ransomware gang, who had compromised the country's major pipeline.
The DoJ and the FBI say that, by analysing the public Bitcoin blockchain, they tracked down the DarkSide wallet that received the payment and clawed back the bulk of the ransom Colonial Pipeline reportedly paid to the hackers.
Tables Turned for Cybercriminals
According to FBI Deputy Director Paul Abbate, relentless effort allowed the bureau to turn the tables on the hackers.
“Today we turned the tables on DarkSide,” he said.
The department seized 63.7 bitcoin. Investigators accomplished this by reviewing the public Bitcoin ledger: they tracked the payment through multiple transfers and established that the coins Colonial Pipeline had paid after the attack had landed in a specific address for which the FBI held the private key, the equivalent of the password needed to move the funds out of that address.
The US District Court for the Northern District of California issued a seizure warrant on Monday authorising the DoJ to take the funds. That allowed the authorities to confiscate a considerable chunk of the roughly $4.4 million the company had paid to the DarkSide ransomware gang.
It should be noted that the attackers demanded the ransom in exchange for unlocking the data they had encrypted and for not leaking what they had stolen.
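To make the "follow the money" step concrete, the following Python example traces a payment forward through a small UTXO ledger. It is an added example, not code from the article and not the tooling the DoJ or FBI used (which they have not published). The ledger, every txid and every address in it are constructed and hypothetical; the amounts are chosen to mirror the figures in the article (a 75 BTC payment, 63.7 BTC ending up in one address). It applies proportional ("haircut") tainting, one of several taint models blockchain analysts use: when a transaction spends traced coins together with unrelated coins, each output inherits taint in proportion to the traced share of the inputs. Amounts are integer satoshis and shares are exact fractions, so no rounding creeps in.

```python
"""Forward taint tracing over a small, constructed UTXO ledger (added example)."""
from collections import defaultdict, deque
from dataclasses import dataclass
from fractions import Fraction

BTC = 100_000_000  # satoshis per bitcoin


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple   # outpoints (txid, vout) this transaction spends; empty = coinbase
    outputs: tuple  # (address, amount_in_satoshis) pairs, indexed by vout


# Constructed sample ledger: all txids and addresses are hypothetical.
LEDGER = [
    Tx("tx_victim_funds", (), (("addr_victim", 75 * BTC),)),
    Tx("tx_ransom", (("tx_victim_funds", 0),), (("addr_attacker", 75 * BTC),)),
    # The operators split the payment: a cut to an affiliate, the rest moves on.
    Tx("tx_split", (("tx_ransom", 0),),
       (("addr_affiliate", 113 * BTC // 10), ("addr_hop1", 637 * BTC // 10))),
    Tx("tx_hop2", (("tx_split", 1),), (("addr_hop2", 637 * BTC // 10),)),
    Tx("tx_unrelated", (), (("addr_other", 10 * BTC),)),
    # A consolidation mixes the traced coins with unrelated funds.
    Tx("tx_consolidate", (("tx_hop2", 0), ("tx_unrelated", 0)),
       (("addr_final", 737 * BTC // 10),)),
]


def topo_order(ledger):
    """Order transactions so every spend comes after the transaction it spends."""
    by_txid = {tx.txid: tx for tx in ledger}
    indeg = {tx.txid: 0 for tx in ledger}
    children = defaultdict(list)
    for tx in ledger:
        for parent, _ in tx.inputs:
            if parent in by_txid:
                indeg[tx.txid] += 1
                children[parent].append(tx.txid)
    queue = deque(t for t, d in indeg.items() if d == 0)
    order = []
    while queue:
        t = queue.popleft()
        order.append(by_txid[t])
        for child in children[t]:
            indeg[child] -= 1
            if indeg[child] == 0:
                queue.append(child)
    if len(order) != len(ledger):
        raise ValueError("ledger contains a cycle or spends an unknown output")
    return order


def trace_taint(ledger, start_outpoint, start_amount):
    """Follow start_amount satoshis from start_outpoint forward through the ledger.

    Returns (resting, trail): resting maps each address that still holds
    unspent traced coins to the traced amount; trail lists, in order, the txids
    the traced coins passed through. Proportional taint: each output of a
    spending transaction gets amount * (traced inputs / total inputs).
    """
    by_txid = {tx.txid: tx for tx in ledger}
    src_txid, src_vout = start_outpoint
    if start_amount > by_txid[src_txid].outputs[src_vout][1]:
        raise ValueError("cannot trace more than the output actually holds")
    spent = {op for tx in ledger for op in tx.inputs}
    taint = {start_outpoint: Fraction(start_amount)}
    trail = []
    for tx in topo_order(ledger):
        tainted_in = sum((taint.get(op, Fraction(0)) for op in tx.inputs), Fraction(0))
        if tainted_in == 0:
            continue
        total_in = sum(by_txid[p].outputs[v][1] for p, v in tx.inputs)
        share = tainted_in / total_in
        trail.append(tx.txid)
        for vout, (_, amount) in enumerate(tx.outputs):
            taint[(tx.txid, vout)] = amount * share
    resting = defaultdict(Fraction)
    for (txid, vout), amount in taint.items():
        if (txid, vout) not in spent and amount > 0:
            resting[by_txid[txid].outputs[vout][0]] += amount
    return dict(resting), trail


if __name__ == "__main__":
    resting, trail = trace_taint(LEDGER, ("tx_ransom", 0), 75 * BTC)
    print("trail:", " -> ".join(trail))
    for address, sats in resting.items():
        print(f"{address}: {float(sats) / BTC:.1f} BTC of traced funds")
```

Running the script shows the traced coins passing through tx_split, tx_hop2 and tx_consolidate, with 11.3 BTC resting at addr_affiliate and 63.7 BTC at addr_final even though the consolidation output holds 73.7 BTC. In practice the same walk is done over the real chain with an indexer or a commercial analytics platform, and the hard part is not the graph traversal but attributing the final address to a person or service that a warrant can reach.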
“The sophisticated use of technology to hold businesses and even whole cities hostage for profit is decidedly a 21st-century challenge, but the old adage ‘follow the money’ still applies,” stated Deputy Attorney General Lisa Monaco.
Since the gang is believed to operate from Russia or Eastern Europe, it is unlikely that its members will ever face trial in the US. It is, however, heartening that the authorities dealt them a significant blow by seizing about half of the dollar value of the ransom Colonial reportedly paid.
In a conversation with Hackread.com, John Hultquist, VP of Analysis at Mandiant Threat Intelligence, said:
“The move by the Department of Justice to recover ransom payments from the operators who disrupted U.S. critical infrastructure is a welcome development. It has become clear that we need to use several tools to stem the tide of this serious problem, and even law enforcement agencies need to broaden their approach beyond building cases against criminals who may be beyond the grasp of the law.”
“In addition to the immediate benefits of this approach, a stronger focus on disruption may disincentivize this behavior, which is growing in a vicious cycle,” said Hultquist.
Hackread.com reported on the fuel outages across the East Coast that followed the 7 May ransomware attack on Colonial Pipeline Co., which kept the pipeline shut down for six days. The shutdown sent fuel prices soaring, and panic buying saw people stacking fuel containers in their car trunks and even filling plastic bags with gas.
The attack also prompted a federal emergency declaration covering 17 US states and Washington, D.C. Last month, however, the gang announced it was shutting down after, by its own account, an unidentified law enforcement agency seized its infrastructure, including its servers and the cryptocurrency it had received from ransomware victims.