FBI recovers over $2M out of $4.4M ransom paid to Colonial Pipeline hackers
The seizure of funds paid by Colonial Pipeline to the hackers marks the first major victory of a new ransomware Justice Department task force
The largest fuel pipeline in the US, Colonial Pipeline, was forced to temporarily shut down following a cybersecurity attack on May 7. The Russian hacker group that claimed to have broken into the operator's network later declared, "Our goal is to make money, and not creating problems for society." Now, the FBI has recovered more than $2M of the $4.4M in cryptocurrency paid in ransom to these hackers following the attack.
The operation was led by the FBI with the cooperation of the Colonial Pipeline operator. According to an interview given by Colonial Pipeline Co CEO Joseph Blount to The Wall Street Journal last month, the company complied with the hackers' $4.4M ransom demand because company officials were not aware of the extent of the intrusion. The company notified the FBI and followed its instructions, which eventually helped investigators track the payment to a cryptocurrency wallet used by the hackers, the Russia-based group known as DarkSide. No comment from the Justice Department was available on the matter at the time.
Talking about the incident, Deputy National Security Advisor Anne Neuberger told CNN, "The misuse of cryptocurrency is a massive enabler here. That's the way folks get the money out of it. On the rise of anonymity and enhancing cryptocurrencies, the rise of mixer services that essentially launder funds." Neuberger added, "Individual companies feel under pressure, particularly if they haven't done the cybersecurity work, to pay off the ransom and move on, but in the long-term, that's what drives the ongoing ransom (attacks). The more folks get paid the more it drives bigger and bigger ransoms and more and more potential disruption."
The seizure of funds paid by Colonial Pipeline to the hackers marks the first major victory of a new ransomware Justice Department task force. “Today we turned the tables on DarkSide,” Deputy Attorney General Lisa Monaco said on June 7. “The Department of Justice has found and recaptured the majority of the ransom” in the wake of last month’s attack, she added.
Following the cybersecurity attack, gas stations from Florida to Atlanta and Virginia had closed their pumps due to a fuel shortage brought on by the attack. A state of emergency was declared by the governor of North Carolina. The pipeline supplies 45 per cent of all the East Coast's fuel needs, including Atlanta's airport — the world's busiest by passenger traffic. The pipeline also serves 90 US military installations and 26 oil refineries.
On May 11, following the attack, DarkSide’s website released a statement addressing the Colonial Pipeline shutdown. DarkSide claimed that the move was not political and they just wanted to make money without causing problems for society. “We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives,” the statement said. “Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”