US authorities announced on Monday that they had recovered $2.3 million in ransom paid by Colonial Pipeline to DarkSide, the criminal network suspected of being behind a cyber attack that crippled its huge pipeline network last month.
US authorities have won a battle against cybercrime. The US Department of Justice has located and recovered $2.3 million in ransom paid by the Colonial Pipeline group to DarkSide, Deputy Minister Lisa Monaco said at a press conference on Monday (June 7).
On May 7, these hackers, who according to the American authorities are based in Russia, exploited a flaw in the network security of the Colonial group, which transports 45% of the fuels consumed on the east coast of the United States.
They used ransomware, a program that encrypts computer systems and demands a ransom to unlock them. Colonial was forced to suspend operations along its approximately 8,800 kilometers of oil pipelines, which run from Texas to the outskirts of New York. The attack resulted in panic and a rush to the pump.
To resume the distribution of gasoline as quickly as possible, the boss of Colonial Pipeline, Joseph Blount, authorized the payment of a ransom in cryptocurrency of 75 bitcoins, an amount estimated at 4.4 million dollars. He explained in a statement that he had “quickly and discreetly” warned the federal police, who were able to follow the subsequent financial transfers.
A success for the United States
Armed with a warrant signed by a California judge, investigators were able to seize 63.7 of these bitcoins on Monday. They had been transferred to a specific address for which the FBI had the “private key”, the equivalent of a password, the Department of Justice said in a statement.
The price of the virtual currency has fallen recently, so the amount recovered is only $2.3 million.
The operation is nevertheless a success for the American authorities, because ransoms paid by companies are very rarely recovered.
In his press release, the Colonial Pipeline boss praised the FBI’s “fast and professional work”. “Pursuing cybercriminals and disrupting the ecosystem that allows them to operate is the best way to defend ourselves against future attacks,” Blount said.
Lisa Monaco said she hoped that the example of Colonial Pipeline would encourage companies that fall victim to such attacks to communicate quickly with the authorities. Even if there is no “guarantee”, “we may be able to act like today and deprive criminals of the expected benefits,” she argued.
Measures to fight cybercrime
Ransomware attacks have increased in recent months, targeting schools, hospitals and businesses, from which millions of dollars have been taken. According to industry experts, they are often orchestrated by actors located in Russia or in the former Soviet republics.
Faced with their resurgence, the American authorities have strengthened their response.
President Joe Biden issued an executive order to oblige companies to report computer breaches. He also plans to discuss the subject with his Russian counterpart Vladimir Putin during their meeting on June 16 in Geneva.
The Department of Justice has, for its part, set up a specialized unit to fight computer hackers, for which the seizure announced on Monday was the first success. It also ordered the country’s prosecutors to immediately escalate any information about such attacks to this unit, modeled on what exists to fight terrorist attacks.