The U.S. Justice Department announced Monday that federal law enforcement officials have seized $2.3 million in cryptocurrency from the ransom paid to the hackers who shut down Colonial Pipeline last month.
Monaco gave no details on how the money was recovered from DarkSide, but analysts believe the effort could have involved both FBI investigators and possibly the United States military's offensive cyber warfare operations.
Ransomware gangs can move around, do not need much infrastructure to operate and can shield their identities. Combined with a dearth of fuel truck drivers, the situation produced outages at tens of thousands of gas stations in the southeast and a jump in fuel prices.
It's short of the $4.4 million ransom that Colonial Pipeline originally paid, in more ways than one.
After the attack in May, Colonial made a cryptocurrency payment, and in return the company received a decryption tool so it could unlock the systems compromised by the hackers - although that was not enough to restart systems immediately, according to the Wall Street Journal. "This decision was not made lightly; however, it was one that had to be made." Even with the tool, it took nearly a week to decrypt the data and restart fuel transfers. This is not, however, the first time the government has been able to recover digital currency paid as ransom to cybercriminals. Sometimes stolen data is more valuable to ransomware criminals than the leverage they get from a network shell, because some victims are reluctant to see their confidential information published online.
FBI Deputy Director Paul Abbate said DarkSide produces ransomware that it sells to hackers who conduct cyberattacks and share a percentage of their proceeds with the malware's developers. There are now more than 100 people on the FBI's quickly growing list of most-wanted cyber criminals.
Abbate said the FBI has been investigating DarkSide for a year and has to date identified more than 90 victims across multiple U.S. critical infrastructure sectors.
Because the server was located somewhere in Northern California, officials were able to seize it. "Ransomware attacks are always unacceptable - but when they target critical infrastructure, we will spare no effort in our response", Deputy Attorney General Lisa Monaco said at a news conference. "Invest resources now. Failure to do so could be the difference between being secure now, or a victim later", she said.
According to the firm, the pipeline carries 45% of the East Coast's supply of diesel, petrol and jet fuel.
It's unclear if the task force will be consistently successful, however. Experts say ransomware attacks have proliferated in recent years, and the money attackers have hauled in has grown exponentially.
He said he "didn't make [that decision] lightly", but believed "it was the right thing to do for the country". The average such payment topped $300,000. Cybercriminals have also increasingly begun operating within the borders of US adversaries, particularly the Russian Federation.
The Biden administration is seeking ways to combat the rise. The Justice Department has launched a task force to better coordinate its approach to the crime wave. The group is said to specialize in creating harmful software that can take over corporate systems unless a ransom is paid in digital currency.
Blunt stated that lawmakers should not allow cryptocurrencies to operate "behind the scenes", calling them the "ransom payment of choice" for hackers. It's a slow game, a long-term game. "The question is: Will this be big enough to change the behavior of DarkSide or of other cyber actors?"