FBI Recover Ransom Paid To Pipeline Hackers

The US Justice Department (DoJ)  has recovered most of the $4.4 million (£3.1m) ransom payment made to Russian hackers after a cyber attack that caused the operator of the nation's largest fuel pipeline to halt its operations. The DoJ say that the FBI had somehow obtained the secret key to the hackers Bitcoin wallet and this allowed US agents to unlock the wallet and transfer Bitcoins to a wallet that was controlled by the FBI. 

The Justice Department did not provide details about how the FBI had obtained a key for the specific bitcoin address, but said law enforcement had been able to track multiple transfers of the crypto-currency. A San Francisco judge approved the recovery of funds of this "crypto-currency address," which was located somewhere in the Northern District of California. 

The FBI has not explained how they got access and they will probably keep that  secret, although this success may be related to the international law enforcement Operation Trojan Shield in which agencies in 18 countries seized over $148 million in currency, hundreds of illegal weapons, six tons of cocaine and five tons of marijuana. The FBI and other agencies set up and secretly ran the ANOM messaging app, which was designed to suit the needs of organised crime groups. They were then able to access more than 27 million messages sent through the app.

Deputy Attorney General Lisa Monaco said in a press conference. "Today we turned the tables on DarkSide," a Russia-linked cyber crime group blamed in Colonial Pipeline attack. Monaco said that investigators had "recaptured" 63.7 bitcoins, now valued at about $2.3 million, following a drop in the value of crypto currency in recent weeks." 

Joseph Blount, CEO of Colonial Pipeline, said his company had worked closely with the FBI from the beginning and was grateful for the "swift work and professionalism" of the agency. “I made the decision to pay, and I made the decision to keep the information about the payment as confidential as possible,” Blount said  that he has “deeply sorry” for the effect of the shutdown but had to act fast as it worked to determine whether the criminal gang had compromised the operational systems or physical security of the 5,500-mile pipeline and to try to avoid a more sustained shutdown.

The Darkside  attackers entered the company's networks on 29th April and they used a VPN account that no longer worked.

A Colonial control room employee discovered the attack on 7th May, after seeing a ransom note demanding crypto-currency. and started the process of shutting down the pipeline to contain the threat. The shutdown sparked panic in the south-eastern US, where residents were seen lining up at petrol pumps for several hours over fears of fuel shortage. Petrol prices rose as a result of fuel supply disturbance, and some stations ran out of fuel. 

After it emerged that Colonial Pipeline had paid ransom to hackers, President Biden said that the government would take all necessary steps to disrupt hackers' operations. Cyber criminals have increasingly targeted organisations that operate  critical infrastructure across many sectors of the US economy. 

Cyber criminals demand ransom in the form of crytpo-currency because it enables direct online payments regardless of geographical location. In this case, the FBI was able to identify a virtual currency wallet used by the hackers and recovered the proceeds from there. 

Dept. of Justice:       Dept.of Justice:       WorldPipelines:      CNN:     MBT:   

 Spectrum News:     Computing:    Image:Unsplash

You Might Also Read:

Running Out Of Cyber Gas:

 

« Singapore Is The Cyber Attack Hotspot
Questions Business Leaders Should Ask Themselves »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ID-SIRTII/CC

ID-SIRTII/CC

Security Incident Response Team for Internet Infrastructure in Indonesia.

KnowBe4

KnowBe4

KnowBe4 is an integrated platform for security awareness training combined with simulated phishing attacks.

Progress Flowmon

Progress Flowmon

Progress Flowmon (formerly Flowmon Networks) provide high performance network monitoring technology and behavior analytics to enhance network performance and deal with cyber threats.

Spherical Defense

Spherical Defense

Spherical Defense offers an alternative approach to WAFs and first generation API security tools.

Bangladesh Computer Council (BCC)

Bangladesh Computer Council (BCC)

Bangladesh Computer Council (BCC) is a government body providing support for ICT related activities including formulating national ICT strategy and policy.

Sysdig

Sysdig

With Sysdig teams find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance.

GuardianKey

GuardianKey

GuardianKey is a solution to protect systems against authentication attacks.

Onfido

Onfido

Onfido is building the new identity standard for the internet. We digitally prove people’s real identities using a photo ID and facial biometrics.

BicDroid

BicDroid

BicDroid is a world leader in data and cyber security with innovative solutions that protect your data anywhere, anytime, against everything.

HENSOLDT Cyber

HENSOLDT Cyber

HENSOLDT Cyber introduces a paradigm shift to cyber security. Our products have been designed to ensure the integrity of embedded systems at the core: the operating system and the processor.

Drata

Drata

Drata is a security and compliance automation platform that continuously monitors and collects evidence of a company's security controls, while streamlining workflows to ensure audit-readiness.

Ostendio

Ostendio

Ostendio is a cybersecurity and information management solutions provider that develops affordable compliance solutions for digital health companies and other regulated entities.

Health Sector Cybersecurity Coordination Center (HC3)

Health Sector Cybersecurity Coordination Center (HC3)

HC3 was created by the US Department of Health and Human Services to aid in the protection of vital, controlled, healthcare-related information.

Post-Quantum Cryptography Alliance (PQCA)

Post-Quantum Cryptography Alliance (PQCA)

The alliance seeks to address cryptographic security challenges posed by quantum computing by producing high-assurance software implementations of standardized algorithms.

Chorology

Chorology

Chorology is a leading provider of intelligently automated, data compliance and posture enforcement solutions.

Ncontracts

Ncontracts

Our mission at Ncontracts is to continually improve our clients’ ability to manage risk and compliance.