Updated 8 June 2021 at 12:04 IST
US recovers $2.3 million paid in ransom to Colonial Pipeline hackers
An FBI-led operation was conducted into the hacking of the key Georgia-based East Coast pipeline, which runs 5,500 miles and supplies 45% of the fuel to the US East Coast.
The US Department of Justice announced on Monday that it has seized 63.7 bitcoins, currently valued at approximately $2.3 million, from the ransom paid to the cyber attackers known as ‘DarkSide’ after they hacked the Colonial Pipeline and halted the operations of the critical infrastructure. The seizure warrant was authorized earlier today by Laurel Beeler, US Magistrate Judge for the Northern District of California, against the “Victim X”, the Department of Justice said in an official press release.
An FBI-led operation was conducted into the hacking of the key Georgia-based East Coast pipeline, which runs 5,500 miles. The hack on May 7 had disrupted half of the total fuel supply [about 45 percent] across the Southeastern United States. This resulted in panic buying of gasoline, inflation in fuel prices, and abrupt closures of thousands of gas stations. FBI Director Christopher Wray likened the ransomware threats to the security challenges posed by the largest crime scenes in FBI history, the 9/11 terrorist attacks. The White House expressed concerns about rising cybercrime, an issue that it said President Biden plans to bring up with Russian President Vladimir Putin on the sidelines of the G7 summit.
The antivirus firm Bitdefender had discovered a glitch in the ransomware that the Russia-based hackers DarkSide had deployed to compromise the computer systems. Additionally, researchers Fabian Wosar and Michael Gillespie identified the flaw in the digital keys used to lock and unlock multiple victims. Having repaired the technical flaw, DarkSide wrote on its site, “Special thanks to BitDefender for helping fix our issues. This will make us even better.” The Russia-based cybercriminals also posted information about at least three other companies on their Dark Web website, known as DarkSide Leaks. Colonial officials handed a multimillion-dollar ransom payment [$4.4 million] to DarkSide after the cyberattack.
Extortionists 'will never see this money,' Hinds said
Stephanie Hinds, Acting US Attorney for the Northern District of California, where the seizure warrant was filed, told a news conference that the extortionists “will never see this money.” The FBI, meanwhile, had also been unsupportive of paying a ransom in cryptocurrency for two obvious reasons: (a) the favoured currency of the hackers is hard to trace, and (b) a ransom could encourage additional hacks and compromises in the future. The Department’s Ransomware and Digital Extortion Task Force alleged in the supporting affidavit that by reviewing the Bitcoin public ledger, law enforcement was able to track multiple transfers of bitcoin and identify that approximately 63.7 bitcoins, representing the proceeds of the victim’s ransom payment on Monday.
The ransom cryptocurrency had been transferred to a specific address, for which the FBI has the “private key,” or the rough equivalent of a password needed to access assets accessible from the specific Bitcoin address. This bitcoin represented proceeds traceable to a computer intrusion and property involved in money laundering and may be seized pursuant to criminal and civil forfeiture statutes, said the US Department of Justice.
The Special Prosecutions Section and Asset Forfeiture Unit of the US Attorney’s Office for the Northern District of California handled the seizure, in coordination with the Department of Justice Criminal Division’s Money Laundering and Asset Recovery Section and Computer Crime and Intellectual Property Section, and the National Security Division’s Counterintelligence and Export Control Section.
Published By : Zaini Majeed
Published On: 8 June 2021 at 12:04 IST