US recovers millions of bitcoin ransom paid in Colonial Pipeline hack
Joe Biden plans to bring up hacking attacks when he meets Vladimir Putin next week
The US has recaptured “the majority” of the $4.4m in cryptocurrency ransom paid to the perpetrators of the cyberattack on Colonial Pipeline in May that temporarily halted fuel supplies across the US east coast, deputy attorney-general Lisa Monaco said on Monday.
“Ransomware attacks are always unacceptable but when they target critical infrastructure we will spare no effort in our response,” Monaco told reporters in Washington.
Monaco said investigators had seized 63.7 bitcoins, now valued at about $2.3m, paid by Colonial.
Federal Bureau of Investigation (FBI) deputy director Paul Abbate said law enforcement identified a virtual wallet used in the ransom payment and then recovered the funds. He said investigators have found more than 90 companies victimised by DarkSide, a Russia-linked cybercrime group blamed in the pipeline hack.
“Today we turned the tables on DarkSide,” Monaco said, as she called on companies to invest more to protect their critical infrastructure and intellectual property. “DarkSide and its affiliates have been digitally stalking US companies for the better part of last year.”
The ransomware attack in May caused fuel shortages at petrol stations in several states and even affected operations by some airlines and airports. It was part of an increasing trend of such acts against critical infrastructure that is posing an early test of the Biden administration.
Colonial Pipeline ended up paying DarkSide in order to help restore its operations.
US intelligence and law enforcement officials say stopping hacking attacks has become a national security priority, and the issue has raised tensions between the US and Russia. President Joe Biden plans to bring up hacking attacks when he meets Russian President Vladimir Putin next week, White House press secretary Jen Psaki said.
The message at the one-on-one meeting in Geneva on June 16 will be that “responsible states do not harbour ransomware criminals, and responsible countries must take decisive action against those ransomware networks”, Psaki said.
Putin has denied knowing about or being involved in ransomware attacks.
Brazil-based JBS, the world’s largest meat processor, restarted beef production last week after a ransomware attack forced it to halt operations across the globe.
Bloomberg News. More stories like this are available on bloomberg.com