FBI Recover Ransom Paid To Pipeline Hackers

Uploaded on 2021-06-14 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

The US Justice Department (DoJ)  has recovered most of the $4.4 million (£3.1m) ransom payment made to Russian hackers after a cyber attack that caused the operator of the nation's largest fuel pipeline to halt its operations. The DoJ say that the FBI had somehow obtained the secret key to the hackers Bitcoin wallet and this allowed US agents to unlock the wallet and transfer Bitcoins to a wallet that was controlled by the FBI. 

The Justice Department did not provide details about how the FBI had obtained a key for the specific bitcoin address, but said law enforcement had been able to track multiple transfers of the crypto-currency. A San Francisco judge approved the recovery of funds of this "crypto-currency address," which was located somewhere in the Northern District of California. 

The FBI has not explained how they got access and they will probably keep that  secret, although this success may be related to the international law enforcement Operation Trojan Shield in which agencies in 18 countries seized over $148 million in currency, hundreds of illegal weapons, six tons of cocaine and five tons of marijuana. The FBI and other agencies set up and secretly ran the ANOM messaging app, which was designed to suit the needs of organised crime groups. They were then able to access more than 27 million messages sent through the app.

Deputy Attorney General Lisa Monaco said in a press conference. "Today we turned the tables on DarkSide," a Russia-linked cyber crime group blamed in Colonial Pipeline attack. Monaco said that investigators had "recaptured" 63.7 bitcoins, now valued at about $2.3 million, following a drop in the value of crypto currency in recent weeks." 

Joseph Blount, CEO of Colonial Pipeline, said his company had worked closely with the FBI from the beginning and was grateful for the "swift work and professionalism" of the agency. “I made the decision to pay, and I made the decision to keep the information about the payment as confidential as possible,” Blount said  that he has “deeply sorry” for the effect of the shutdown but had to act fast as it worked to determine whether the criminal gang had compromised the operational systems or physical security of the 5,500-mile pipeline and to try to avoid a more sustained shutdown.

The Darkside  attackers entered the company's networks on 29th April and they used a VPN account that no longer worked.

A Colonial control room employee discovered the attack on 7th May, after seeing a ransom note demanding crypto-currency. and started the process of shutting down the pipeline to contain the threat. The shutdown sparked panic in the south-eastern US, where residents were seen lining up at petrol pumps for several hours over fears of fuel shortage. Petrol prices rose as a result of fuel supply disturbance, and some stations ran out of fuel. 

After it emerged that Colonial Pipeline had paid ransom to hackers, President Biden said that the government would take all necessary steps to disrupt hackers' operations. Cyber criminals have increasingly targeted organisations that operate  critical infrastructure across many sectors of the US economy. 

Cyber criminals demand ransom in the form of crytpo-currency because it enables direct online payments regardless of geographical location. In this case, the FBI was able to identify a virtual currency wallet used by the hackers and recovered the proceeds from there. 

Dept. of Justice:       Dept.of Justice:       WorldPipelines:      CNN:     MBT:   

 Spectrum News:     Computing:    Image:Unsplash

You Might Also Read:

Running Out Of Cyber Gas:

 

« Singapore Is The Cyber Attack Hotspot
Questions Business Leaders Should Ask Themselves »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ITpreneurs

ITpreneurs

ITpreneurs provides IT training content, Instructors, Learning Infrastructure and services to IT Training providers.

Verimatrix

Verimatrix

Verimatrix is a global provider of innovative cybersecurity solutions that protect content, devices, software and applications.

Abusix

Abusix

Abusix specializes in Internet security, network abuse handling, antispam and fraud prevention.

CryptoTec

CryptoTec

CryptoTec is a provider of security concepts and encryption solutions for secure communication between decentralized computerized systems.

Glilot Capital Partners

Glilot Capital Partners

Glilot Capital Partners is an Israeli seed and early-stage VC. We specialize in businesses which disrupt enterprise technology, mainly in the fields of AI, big data and cybersecurity.

Spamhaus

Spamhaus

Spamhaus is the world leader in supplying realtime highly accurate threat intelligence to the Internet's major networks.

Help AG

Help AG

Help AG provides leading enterprise businesses and governments across the Middle East with strategic consultancy combined with tailored information security solutions and services.

Telefonica Global Solutions (TGS)

Telefonica Global Solutions (TGS)

Telefonica Global Solutions is the technological partner of wholesalers and enterprises, helping them to achieve the digitalization they need.

Opticks Security

Opticks Security

Opticks provides fraud detection and monitoring solutions for leading brands. agencies and networks. Our relentless mission is to deliver reliable and innovative software to beat digital fraud.

Psybersafe

Psybersafe

Psybersafe is a hands-on, behaviour-changing training system that keeps your people and your business cyber safe.

Aikido Technology Services

Aikido Technology Services

Aikido Technology Services is a leading-edge technology solutions provider, servicing the Pacific North West USA. We offer affordable IT solutions designed to streamline and secure your business.

HCS

HCS

HCS is an IT Company and Telecoms provider with an experienced team who are dedicated to ensuring our clients business systems are protected.

dWallet Labs

dWallet Labs

dWallet Labs is a cybersecurity company specializing in blockchain technology. We believe that the future of Web3 relies on cutting edge cryptography and unabated security.

Early Game Ventures (EGV)

Early Game Ventures (EGV)

Early Game Ventures invests in startups that jumpstart new industries in the emerging markets of Europe.

E-CQURITY (ECQ)

E-CQURITY (ECQ)

ECQ is a network security company offering offensive security services and solutions focused on active offensive and defensive positioning.

Redinent Innovations

Redinent Innovations

Redinent is a cutting-edge IoT Security platform that offers precise security posture analysis and delivers actionable intelligence, empowering businesses to operate with unrivaled resilience.