Colonial Pipeline ransom seized by US


Once officials identified the address, or “wallet”, that DarkSide had used to collect the payment, they sought permission from a judge in the Northern District of California to seize the funds from the wallet, the New York Times reported.

The filing said the “cryptocurrency address” was located in the Northern District of California.

The FBI said investigators found more than 90 companies victimised by DarkSide, a Russia-linked cyber crime group blamed in the pipeline attack.

“Following the money remains one of the most basic, yet powerful tools we have,” Monaco said.

“Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises.”

“Extortionists will never see the money”: Stephanie Hinds, acting United States Attorney Northern District of California.


“We will continue to target the entire ransomware ecosystem to disrupt and deter these attacks,” she said.

Stephanie Hinds, the acting US attorney for the Northern District of California, where the seizure warrant was filed, said “the extortionists will never see this money”.

The FBI generally discourages the payment of ransom, fearing it could encourage additional hacks. Monaco said the takeaway for the private sector is that if companies come quickly to law enforcement, officials may be able to conduct similar seizures in the future.


While the government’s efforts were significant, they also underscored the difficulty in going after the perpetrators of ransomware attacks.

To date, no one behind the Colonial Pipeline attack has been publicly indicted, and the hackers still made off with a small portion of the ransom. Even if the people behind the attack are charged, they probably will remain out of reach of US law enforcement agencies.

The ransomware attack in May caused fuel shortages at petrol stations in several states and even affected operations by some airlines and airports. It was part of an increasing trend of such acts against critical infrastructure that is posing an early test of US President Joe Biden’s administration.

Colonial Pipeline said on Monday that it quickly contacted the FBI and federal prosecutors after it was attacked and praised the government for recovering much of the ransom.


“Holding cybercriminals accountable and disrupting the ecosystem that allows them to operate is the best way to deter and defend against future attacks of this nature,” Joseph Blount, chief executive officer of the Alpharetta, Georgia-based company, said in a statement.

“We must continue to take cyberthreats seriously and invest accordingly to harden our defences.”

US intelligence and law enforcement officials say stopping hacking attacks has become a national security priority, and the issue has raised tensions between the US and Russia. Biden plans to bring up hacking attacks when he meets with Russian President Vladimir Putin next week, White House press secretary Jen Psaki has said.

The message at the one-on-one meeting in Geneva on June 16 will be that “responsible states do not harbour ransomware criminals, and responsible countries must take decisive action against those ransomware networks,” Psaki said.

Putin has denied knowing about or being involved in ransomware attacks.

In another episode, Brazilian-based JBS SA, the world’s largest meat processor, restarted beef production last week after a ransomware attack forced it to halt operations across the globe, including in Australia.

“Ransomware attacks are always unacceptable, but when they target critical infrastructure we will spare no effort in our response,” Monaco said.

