DoJ recovers 'majority' of ransom paid by Colonial Pipeline
63.7 Bitcoins worth $2.3 million have been seized after a warrant was authorized by judge
Deputy Attorney General Lisa Monaco said this "demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises."
"We will continue to target the entire ransomware ecosystem to disrupt and deter these attacks. Today's announcements also demonstrate the value of early notification to law enforcement; we thank Colonial Pipeline for quickly notifying the FBI when they learned that they were targeted by DarkSide," she said.
In a filed affidavit, the FBI said it was able to track multiple transfers of Bitcoin and identify 63.7 Bitcoins, representing the "majority" of the victim's ransom payment. This had been transferred to a specific address, for which the FBI had the "private key" to access this specific Bitcoin address.
A judge in San Francisco then approved the seizure of funds from this cryptocurrency address.
Colonial Pipeline previously admitted it had paid hackers $4.4 million to regain access to its systems after consulting experts who have dealt with the DarkSide hacking group.
Ilia Kolochenko, founder of ImmuniWeb, and a member of Europol Data Protection Experts Network told IT Pro that the seizure sends a message that the DoJ now has tolerance-zero for ransomware gangs.
"The seizure continues the previously announced efforts to combat surging ransomware and is likely to be a first palpable step to deter cybercriminals. Importantly, the DoJ will certainly need more funding to gradually expand its cybercrime prosecution unit (CCIPS) and foster interagency collaboration," he said.
"Moreover, international cooperation is essential to curb surging ransomware attacks, including baseline cooperation with traditionally hostile jurisdictions. Otherwise, even though uncovered, the perpetrators will likely enjoy impunity due to missing extradition treaties with foreign jurisdictions."
Chris Grove, product evangelist at Nozomi Networks, added that the joint action and collaboration by the government and National Cyber Investigative Joint Task Force is exactly what defenders are asking for.
"Defending against run-of-the-mill threats is affordable, and achievable. Some threats rise to a new level and must be dealt with differently. While it's great that the government recovered some of the $4.4 million paid by Colonial Pipeline, we can't lose sight of the fact that while Colonial is a happier ending story, there are dozens of victims we can also discuss who haven't fared as well. Not to mention 100s we know about, but can't discuss, and another 1,000 that we don't even know about," he said.
How to choose an AI vendor
Five key things to look for in an AI vendorDownload now
The UK 2020 Databerg report
Cloud adoption trends in the UK and recommendations for cloud migrationDownload now
2021 state of email security report: Ransomware on the rise
Securing the enterprise in the COVID worldDownload now
The impact of AWS in the UK
How AWS is powering Britain's fastest-growing companiesDownload now