The FBI isn’t sleeping on these recent cyberattacks by Russian operatives, announcing the seizure of $2.3 million from hackers this week.
The Colonial Pipeline hack resulted in a ransom of $4.4 million being paid to get Colonial’s computer systems up and running again, but the FBI reportedly has now recovered a good portion.
The agency was able to covertly discover the bitcoin wallet password used by DarkSide, the group initiating the attack.
Authorities accessed the “private key” of the wallet – used by DarkSide to collect ransom payments – and led to the Department of Justice grabbing back $2.3 million.
“Following the money remains one of the most basic, yet powerful tools we have,” DOJ deputy attorney general Lisa Monaco said in the DOJ’s press release.
“Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises.”
Yes, but exactly how did the agency come to own the password? The FBI didn’t say, but a BBC story speculated:
“Perhaps the key was found on seized servers, or gifted by an angry insider, or handed over by a cooperative company used as part of the criminal infrastructure.”
The Colonial hack shut down operations last month and spurred shortages in fuel and dramatic price increases. Colonial alerted the FBI on the day it was hacked, May 7, according to the DOJ.
Joseph Blount, Colonial Pipeline CEO, issued a statement thanking the FBI for its swift and professional work.
“Holding cyber criminals accountable and disrupting the ecosystem that allows them to operate is the best way to deter and defend against future attacks,” he said.