FBI Recover Ransom Paid To Pipeline Hackers

The US Justice Department (DoJ) has recovered most of the $4.4 million (£3.1m) ransom payment made to Russian hackers after a cyber attack that caused the operator of the nation's largest fuel pipeline to halt its operations. The DoJ says that the FBI had somehow obtained the private key to the hackers' Bitcoin wallet, which allowed US agents to unlock the wallet and transfer the Bitcoins to a wallet controlled by the FBI.

The Justice Department did not provide details about how the FBI had obtained the key for the specific bitcoin address, but said law enforcement had been able to track multiple transfers of the crypto-currency. A San Francisco judge approved the seizure of the funds held at this "crypto-currency address," which was located somewhere in the Northern District of California.

The FBI has not explained how it got access and will probably keep that secret, although this success may be related to the international law enforcement Operation Trojan Shield, in which agencies in 18 countries seized over $148 million in currency, hundreds of illegal weapons, six tons of cocaine and five tons of marijuana. The FBI and other agencies set up and secretly ran the ANOM messaging app, which was designed to suit the needs of organised crime groups. They were then able to access more than 27 million messages sent through the app.

Deputy Attorney General Lisa Monaco said in a press conference, "Today we turned the tables on DarkSide," the Russia-linked cyber crime group blamed for the Colonial Pipeline attack. Monaco said that investigators had "recaptured" 63.7 bitcoins, now valued at about $2.3 million following a drop in the value of crypto-currency in recent weeks.

Joseph Blount, CEO of Colonial Pipeline, said his company had worked closely with the FBI from the beginning and was grateful for the "swift work and professionalism" of the agency. "I made the decision to pay, and I made the decision to keep the information about the payment as confidential as possible," Blount said, adding that he was "deeply sorry" for the effect of the shutdown but had to act fast as the company worked to determine whether the criminal gang had compromised the operational systems or physical security of the 5,500-mile pipeline, and to try to avoid a more sustained shutdown.

The DarkSide attackers entered the company's networks on 29th April using a VPN account that was no longer in active use.

A Colonial control room employee discovered the attack on 7th May after seeing a ransom note demanding crypto-currency, and started the process of shutting down the pipeline to contain the threat. The shutdown sparked panic in the south-eastern US, where residents were seen lining up at petrol pumps for several hours over fears of fuel shortages. Petrol prices rose as a result of the disruption to fuel supply, and some stations ran out of fuel.

After it emerged that Colonial Pipeline had paid the ransom to the hackers, President Biden said that the government would take all necessary steps to disrupt the hackers' operations. Cyber criminals have increasingly targeted organisations that operate critical infrastructure across many sectors of the US economy.

Cyber criminals demand ransom in the form of crypto-currency because it enables direct online payments regardless of geographical location. In this case, the FBI was able to identify a virtual currency wallet used by the hackers and recovered the proceeds from there.

